πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901 aws-saa-c03 aws-aif-c01
Guided MS-700 Domain 1
Domain 1 β€” Module 2 of 13 15%
2 of 27 overall

MS-700 Study Guide

Domain 1: Configure and manage a Teams environment

  • Network Planning & Readiness
  • Security Roles, Alerts & Defender
  • Retention & Sensitivity Labels
  • DLP & Conditional Access
  • Information Barriers & Insider Risk
  • Update Policies & Policy Packages
  • Group Creation, Naming & Expiration
  • Archive, Restore & Access Reviews
  • Guest Access & External Sharing
  • Shared Channels & Cross-Tenant Access
  • Teams Phone & Resource Accounts
  • Teams Rooms & Device Management
  • PowerShell & Graph Automation

Domain 2: Manage teams, channels, chats, and apps

  • Teams Rollout & Creation Free
  • Membership, Roles & Team Settings Free
  • Channel Types & Policies Free
  • App Management & Permissions Free
  • App Extensibility & Store Free

Domain 3: Manage meetings and calling

  • Meeting Types & Settings
  • Webinars & Town Halls
  • Phone Numbers & Conferencing
  • Voice Policies & Voicemail
  • Auto Attendants & Call Routing

Domain 4: Monitor, report on, and troubleshoot Teams

  • Voice & Meeting Quality
  • Usage, Alerts & Diagnostics Tools
  • Client Logs & Diagnostics
  • Copilot & Meeting Troubleshooting

MS-700 Study Guide

Domain 1: Configure and manage a Teams environment

  • Network Planning & Readiness
  • Security Roles, Alerts & Defender
  • Retention & Sensitivity Labels
  • DLP & Conditional Access
  • Information Barriers & Insider Risk
  • Update Policies & Policy Packages
  • Group Creation, Naming & Expiration
  • Archive, Restore & Access Reviews
  • Guest Access & External Sharing
  • Shared Channels & Cross-Tenant Access
  • Teams Phone & Resource Accounts
  • Teams Rooms & Device Management
  • PowerShell & Graph Automation

Domain 2: Manage teams, channels, chats, and apps

  • Teams Rollout & Creation Free
  • Membership, Roles & Team Settings Free
  • Channel Types & Policies Free
  • App Management & Permissions Free
  • App Extensibility & Store Free

Domain 3: Manage meetings and calling

  • Meeting Types & Settings
  • Webinars & Town Halls
  • Phone Numbers & Conferencing
  • Voice Policies & Voicemail
  • Auto Attendants & Call Routing

Domain 4: Monitor, report on, and troubleshoot Teams

  • Voice & Meeting Quality
  • Usage, Alerts & Diagnostics Tools
  • Client Logs & Diagnostics
  • Copilot & Meeting Troubleshooting
Domain 1: Configure and manage a Teams environment Premium ⏱ ~14 min read

Security Roles, Alerts & Defender

Teams security starts with the right admin roles, alert policies, and Defender XDR threat protection. Learn which roles can do what, how to set up alerts, and how Defender protects Teams.

Security foundations for Teams

β˜• Simple explanation

Think of Teams security like running a building.

You need security guards (admin roles β€” different guards have different keys), alarm systems (alert policies that notify you when something suspicious happens), and a security company (Microsoft Defender XDR that actively hunts threats).

Not every guard needs every key. The receptionist doesn’t need access to the vault. Same with Teams admin roles β€” give people only the access they need.

Teams security is layered across multiple Microsoft 365 services. Teams-specific admin roles control who can manage what. Alert policies in the Microsoft Purview compliance portal trigger notifications for suspicious activities. Microsoft Defender XDR provides advanced threat protection β€” Safe Attachments scans files shared in Teams, Safe Links checks URLs in messages, and Defender for Cloud Apps monitors Teams usage patterns.

Licensing determines which security features are available. Most advanced threat protection requires Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 add-on licences.

Teams administrator roles

Microsoft provides several admin roles specifically for Teams management. The exam tests your ability to choose the least-privileged role for each scenario.

Teams admin roles β€” least-privilege principle
FeatureWhat They Can DoWhat They Cannot DoTypical Scenario
Teams AdministratorFull control over Teams service β€” policies, settings, users, teams, channels, apps, phone, devicesCannot manage Exchange, SharePoint, or Entra ID settingsPrimary Teams admin β€” Tara at Pinnacle Corp
Teams Communications AdministratorManage meetings, calling policies, phone numbers, conferencing bridges, voice routingCannot manage teams, channels, apps, or org-wide settingsVoice/phone specialist β€” manages call queues and auto attendants
Teams Communications Support EngineerView call analytics for ALL users (full call records)Cannot change any settings or policiesNetwork engineer investigating quality issues across the org
Teams Communications Support SpecialistView call analytics for specific users (anonymised for others)Cannot see full call records for all users, cannot change settingsHelpdesk agent like Jaylen troubleshooting a specific user's issue
Teams Devices AdministratorManage Teams devices β€” configuration profiles, firmware, device healthCannot manage policies, users, voice, or meetingsTara's colleague who manages 200+ Teams Rooms devices
Global AdministratorEverything β€” all Microsoft 365 servicesN/A (full access)Emergency only β€” never use for daily Teams admin work

Exam principle: Always choose the least-privileged role that can complete the task. If someone only needs to manage phone numbers and calling policies, assign Teams Communications Administrator β€” not Teams Administrator.

Scenario: Nadia requests the right roles at Sterling Financial

Sterling Financial has strict role separation requirements. Nadia needs to assign Teams admin roles to her team:

  • Nadia herself: Manages compliance settings (DLP, retention, IB) β†’ She needs Compliance Administrator (not a Teams role β€” compliance is managed in Purview)
  • IT Operations lead: Manages all Teams policies and settings β†’ Teams Administrator
  • Voice engineer: Manages phone numbers, call queues, auto attendants β†’ Teams Communications Administrator
  • Helpdesk team (3 agents): Troubleshoot individual user call quality β†’ Teams Communications Support Specialist (anonymised data for other users)
  • Network engineer: Investigate org-wide call quality patterns β†’ Teams Communications Support Engineer (full call records)
  • Device technician: Manages conference room devices β†’ Teams Devices Administrator

This follows least-privilege: no one gets more access than their job requires.

Licensing for security features

Not all security features are available with every licence:

Security FeatureRequired LicenceNotes
Alert policiesMicrosoft Purview / Microsoft 365 licensing dependentBuilt-in alerts for suspicious sign-ins, malware
Custom alert policiesE5, E5 Compliance, or A5Create alerts for specific Teams activities
Safe Attachments for TeamsDefender for Office 365 P1/P2 or E5Scans files shared in Teams channels and chats
Safe Links for TeamsDefender for Office 365 P1/P2 or E5Checks URLs in Teams messages at click-time
Defender for Cloud AppsE5 or Defender for Cloud Apps add-onMonitors Teams sessions, detects anomalous behaviour
Information barriersE5, E5 Compliance, or IB add-onPrevents communication between specific groups
Communication complianceE5, E5 Compliance, or Insider Risk add-onMonitors messages for policy violations

Exam tip: When a question says β€œat minimum cost,” look for the cheapest licence that includes the required feature. E5 includes everything, but if you only need Safe Attachments, Defender for Office 365 Plan 1 is cheaper.

Alert policies for Teams

Alert policies notify admins when specific events occur. They’re configured in the Microsoft Purview compliance portal (compliance.microsoft.com) or Microsoft Defender portal (security.microsoft.com).

Built-in alert policies (available to all):

  • Unusual volume of external file sharing
  • Suspicious email forwarding activity
  • Malware detected in files

Custom alert policies (E5 required) let you create alerts for Teams-specific events:

  • User shared a file externally from Teams
  • Guest added to a sensitive team
  • Teams policy changed by a non-standard admin
  • Unusual spike in Teams meetings created

Creating a custom alert policy

  1. Go to Microsoft Purview compliance portal β†’ Policies β†’ Alert policies
  2. Click New alert policy
  3. Configure: name, severity (low/medium/high), category, activity trigger
  4. Set threshold: single event or activity above a count within a time window
  5. Choose notification recipients (email addresses)
  6. Review and create
πŸ’‘ Exam tip: Alert policy vs. DLP policy

Don’t confuse alert policies with DLP policies:

  • Alert policies = β€œnotify me when something happens” (reactive monitoring)
  • DLP policies = β€œblock or warn when sensitive data is shared” (proactive prevention)

Both can be triggered by Teams activity, but they serve different purposes. An alert policy tells you after the fact. A DLP policy prevents the action (or warns the user) before it happens.

Microsoft Defender XDR for Teams

Microsoft Defender XDR provides advanced threat protection that extends to Teams:

Safe Attachments for Teams

When enabled, files shared in Teams channels and chats are scanned in a sandbox (detonation chamber) before users can open them. If a file is malicious, it’s quarantined.

Configuration: Microsoft Defender portal β†’ Policies & rules β†’ Threat policies β†’ Safe Attachments β†’ Enable for SharePoint, OneDrive, and Teams.

Files in Teams are stored in SharePoint (channel files) or OneDrive (chat files), so Safe Attachments for β€œSharePoint, OneDrive, and Teams” is a single toggle.

Safe Links for Teams

When enabled, URLs in Teams messages are checked at click-time. If a link is malicious, the user sees a warning page instead of the dangerous site.

Configuration: Microsoft Defender portal β†’ Policies & rules β†’ Threat policies β†’ Safe Links β†’ Create or edit a policy β†’ ensure Teams is included.

Defender for Cloud Apps

Monitors Teams usage patterns and can detect:

  • Impossible travel (user active in Teams from two countries simultaneously)
  • Mass file downloads from Teams channels
  • Unusual guest activity patterns
  • Session anomalies
Scenario: Nadia configures Defender for Sterling Financial

Sterling Financial handles sensitive financial data. Nadia configures three layers of Defender protection:

  1. Safe Attachments: Enabled for SharePoint/OneDrive/Teams β€” scans every file shared in Teams before anyone can open it
  2. Safe Links: Custom policy for all users β€” URLs in Teams messages are rewritten and checked at click-time
  3. Defender for Cloud Apps: Alert when a guest user downloads more than 50 files in an hour from any Teams channel

When a phishing link is shared in a Teams chat, Safe Links blocks it at click-time. When a contractor uploads a macro-enabled Excel file, Safe Attachments detonates it in a sandbox and quarantines it before anyone can open it.

🎬 Video walkthrough

🎬 Video coming soon

Security Roles, Alerts & Defender β€” MS-700 Module 2

Security Roles, Alerts & Defender β€” MS-700 Module 2

~12 min

Flashcards

Question

What Teams admin role should you assign to someone who only manages phone numbers and calling policies?

Click or press Enter to reveal answer

Answer

Teams Communications Administrator. This role can manage meetings, calling policies, phone numbers, and conferencing bridges β€” but cannot manage teams, channels, apps, or org-wide settings.

Click to flip back
Question

What's the difference between Teams Communications Support Engineer and Support Specialist?

Click or press Enter to reveal answer

Answer

Engineer: can view full call analytics for ALL users. Specialist: can only view call details for specific users (other users' data is anonymised). Neither can change settings.

Click to flip back
Question

Where are files shared in Teams actually stored?

Click or press Enter to reveal answer

Answer

Channel files β†’ SharePoint document library (each team has a SharePoint site). Chat files β†’ sender's OneDrive. This is why Safe Attachments for 'SharePoint, OneDrive, and Teams' is a single toggle.

Click to flip back
Question

What licence is needed for Safe Attachments and Safe Links in Teams?

Click or press Enter to reveal answer

Answer

Microsoft Defender for Office 365 Plan 1 or Plan 2, or Microsoft 365 E5. These features protect files and URLs shared in Teams channels and chats.

Click to flip back

Knowledge Check

Knowledge Check

Sterling Financial's helpdesk agent needs to investigate why a specific user is experiencing poor call quality. The agent should NOT be able to see full call records for other users. Which role should Nadia assign?
Knowledge Check

Nadia wants to be alerted when a guest user downloads more than 50 files in one hour from any Teams channel at Sterling Financial. What should she configure?
Knowledge Check

A Teams admin needs to protect users from malicious links shared in Teams chat messages. The organisation has Microsoft 365 E3 licences. What is the MINIMUM additional licence needed?

Next up: Retention & Sensitivity Labels β€” how to configure retention policies and sensitivity labels specifically for Teams messages, meetings, and channels.

← Previous

Network Planning & Readiness

Next β†’

Retention & Sensitivity Labels

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.