MICROSOFT CERTIFICATION
MS-203 Messaging Administrator Associate Practice Exam
Exam Number: 3149 | Last updated 16-Apr-26 | 816+ questions across 4 vendor-aligned objectives
The MS-203 Messaging Administrator Associate certification validates the skills of messaging administrators who plan, deploy, configure, and manage messaging infrastructure in Exchange Online and hybrid environments. This exam measures your ability to work with Exchange Online, Exchange Server, Mail Flow, Transport Rules, Message Hygiene, Microsoft Purview, demonstrating both conceptual understanding and practical implementation skills required in today’s enterprise environments.
The heaviest exam domains include Plan and Manage the Mail Transport Architecture (25–30%), Manage Organizational Settings and Resources (20–25%), and Plan and Implement a Hybrid Configuration and Migration (20–25%). These areas collectively represent the majority of exam content and require focused preparation across their respective subtopics.
Additional domains tested include Secure the Messaging Environment (20–25%). Together, these areas round out the full exam blueprint and ensure candidates possess well-rounded expertise across the certification scope.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Microsoft documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
240
practice exam users
94.4%
satisfied users
92.2%
passed the exam
4.6/5
quality rating
Test your MS-203 Messaging Administrator Associate knowledge
10 of 816+ questions
Question #1 - Manage Organizational Settings and Resources
A company needs to configure shared mailboxes for departments (sales@, support@) that multiple users can access without consuming an Exchange Online license.
Which mailbox type should the administrator create?
A) Microsoft 365 Groups
B) Regular user mailboxes assigned to a generic account
C) Shared mailboxes that do not require a license for mailboxes under 50 GB
D) Distribution groups
Show solution
Correct answers: C – Explanation:
Shared mailboxes allow multiple users to read and send from a common address without requiring individual licenses (under 50 GB). Regular mailboxes consume licenses. Distribution groups deliver mail but lack a shared inbox. M365 Groups have broader functionality but different licensing. Source: Check Source
Question #2 - Manage Organizational Settings and Resources
A company needs shared mailboxes for departments (sales@, support@) accessible by multiple users without consuming licenses.
Which mailbox type should the administrator create?
A) Distribution groups delivering mail to members without providing a shared inbox for reading
B) Shared mailboxes providing multi-user access without requiring a license under the 50 GB limit
C) Regular user mailboxes assigned to generic accounts which each consume an Exchange Online license
D) Microsoft 365 Groups providing broader collaboration features with different licensing and scope
Show solution
Correct answers: B – Explanation:
Shared mailboxes allow multiple users to read from and send as a common address without requiring individual licenses for mailboxes under 50 GB storage. Regular user mailboxes each consume a license regardless of whether they represent a person or department function. Distribution groups deliver copies to member mailboxes but do not provide a shared inbox where all users read the same messages. M365 Groups offer broader collaboration including Teams, Planner, and SharePoint but with different scope and licensing considerations. Source: Check Source
Question #3 - Manage Organizational Settings and Resources
A law firm requires that departed employee mailboxes be preserved for 7 years for legal compliance but hidden from the GAL.
Which Exchange Online feature should be used?
A) Forward all mail to the departed employee’s manager permanently without preserving the mailbox
B) Convert to an Inactive Mailbox with a retention hold preserving content after license removal
C) Delete the mailbox and create a PST backup file stored on a network drive for archival
D) Export the mailbox contents to SharePoint document libraries for long-term document storage
Show solution
Correct answers: B – Explanation:
Inactive mailboxes preserve content under litigation or retention holds after the user license is removed, remaining hidden from the GAL and searchable via eDiscovery. PST backups are not searchable via eDiscovery and lack the compliance-grade preservation that legal requirements demand. Permanent forwarding does not preserve the original mailbox structure, permissions, or historical content for legal review. SharePoint export loses the mailbox folder structure, conversation threading, and native eDiscovery searchability. Source: Check Source
Question #4 - Plan and Manage the Mail Transport Architecture
A company needs outbound email routed through a third-party compliance scanning service before delivery.
Which Exchange Online component should be configured?
A) An outbound connector with smart host routing directing external mail through the scanning service
B) A distribution group membership configuration which handles internal routing not outbound scanning
C) Azure Firewall DNAT rules operating at the network layer without SMTP mail routing capability
D) Client-side Outlook rules configured per user which are bypassable and inconsistent across accounts
Show solution
Correct answers: A – Explanation:
An outbound connector routes external mail through a designated smart host like a compliance scanning service before final internet delivery with centralized enforcement. Client-side rules are per-user, bypassable, and cannot guarantee consistent routing for all outbound mail. Distribution groups manage internal message distribution and do not control outbound mail routing to external services. Azure Firewall operates at the network layer and cannot route SMTP mail through content scanning services. Source: Check Source
Question #5 - Plan and Manage the Mail Transport Architecture
Company emails are rejected by recipients as spam. SPF, DKIM, and DMARC records are not configured.
Which DNS records should be configured to improve deliverability?
A) PTR records only which help with reverse DNS but are insufficient alone for full authentication
B) Only an MX record which routes inbound mail but does not authenticate outbound sending identity
C) A-records for the mail server which resolve hostnames without providing email authentication
D) SPF listing authorized senders, DKIM for cryptographic signing, and DMARC for policy enforcement
Show solution
Correct answers: D – Explanation:
SPF authorizes sending IP addresses, DKIM cryptographically signs outbound messages verifying integrity, and DMARC instructs receivers on handling authentication failures. Together they establish comprehensive email authentication. MX records route inbound mail to the correct server but provide no outbound sender authentication. A-records resolve server hostnames to IP addresses without email authentication capability. PTR records support reverse DNS lookups but are only one component insufficient for comprehensive email deliverability. Source: Check Source
Question #6 - Plan and Manage the Mail Transport Architecture
Emails containing credit card numbers must be held for compliance review before delivery to external recipients.
Which Exchange transport feature should be configured?
A) Retention policies managing message lifecycle duration without intercepting messages in transit
B) Individual Inbox rules configured per user which cannot detect sensitive information patterns
C) Journaling rules which copy messages for archival without holding them for pre-delivery review
D) Transport rules with sensitive information type conditions that moderate matching messages
Show solution
Correct answers: D – Explanation:
Transport rules detect sensitive content like credit card patterns using DLP-integrated conditions and can hold messages for moderator approval before external delivery. Journaling copies messages to a journal mailbox for archival but does not intercept or hold them during transit. Retention policies manage how long messages are kept after delivery without pre-delivery interception capability. Inbox rules operate per-user after delivery and cannot detect sensitive information type patterns. Source: Check Source
Question #7 - Plan and Implement a Hybrid Configuration and Migration
A company with Exchange 2019 on-premises migrates 2,000 mailboxes to Exchange Online over 3 months with coexistence.
Which migration strategy supports this phased coexistence?
A) PST import requiring manual export and upload for each mailbox without automated coexistence
B) IMAP migration copying email content only without calendar, contacts, or coexistence features
C) Hybrid deployment with batch migration moves enabling shared namespace and cross-premises features
D) Cutover migration moving all mailboxes simultaneously which is limited to small organizations
Show solution
Correct answers: C – Explanation:
Hybrid deployment enables long-term coexistence with shared email namespace, cross-premises free/busy lookup, and batch mailbox moves over the three-month migration period. Cutover migration moves everything at once and is supported only for organizations under 2,000 mailboxes without coexistence. IMAP migration copies email messages only without calendars, contacts, or the rich coexistence features hybrid provides. PST import is a manual per-mailbox process without automated coexistence, namespace sharing, or incremental sync. Source: Check Source
Question #8 - Plan and Implement a Hybrid Configuration and Migration
During hybrid coexistence, free/busy information is not visible between on-premises and cloud mailboxes.
Which component should the admin verify?
A) Azure AD Connect synchronization status which handles identity but not free/busy directly
B) The DNS MX records which handle mail routing rather than calendar free/busy sharing
C) The OAuth authentication configuration and Organization Relationship between environments
D) Individual user mailbox storage sizes which are unrelated to cross-premises calendar visibility
Show solution
Correct answers: C – Explanation:
Free/busy sharing in hybrid requires a properly configured Organization Relationship with OAuth authentication enabling cross-premises calendar availability lookup. MX records handle email routing direction and do not affect calendar free/busy information sharing. Mailbox sizes are storage capacity metrics unrelated to the calendar availability sharing configuration. AD Connect synchronizes identity objects but the Organization Relationship and OAuth handle the free/busy data exchange specifically. Source: Check Source
Question #9 - Plan and Implement a Hybrid Configuration and Migration
After migrating 200 mailboxes, users report missing calendar items. Migration logs show partial sync completion.
What should the admin do to resolve the incomplete migration?
A) Re-run the migration batch for affected mailboxes to complete incremental sync of remaining items
B) Delete the cloud mailboxes entirely and restart the migration process from the beginning
C) Ask users to recreate their missing calendar items manually from memory or paper records
D) Ignore the missing calendar items and proceed with the remaining mailbox migration batches
Show solution
Correct answers: A – Explanation:
Re-running migration batches performs incremental synchronization copying any items missed during the initial pass without duplicating already-migrated content. Manual recreation from memory loses details of appointments, attendees, and recurring meeting patterns. Deleting and restarting wastes the work completed on successfully migrated content and delays the overall timeline. Ignoring missing items leaves 200 users with incomplete calendars affecting their scheduling and productivity. Source: Check Source
Question #10 - Secure the Messaging Environment
The admin needs to block emails with executable attachments (.exe, .bat, .ps1) from reaching any mailbox.
Which security feature should be configured?
A) Azure Firewall application rules which cannot inspect SMTP email content at the EOP layer
B) Anti-malware policy in Exchange Online Protection with file type filtering blocking executables
C) Disable all email attachments entirely preventing both dangerous and legitimate file transfers
D) User training alone instructing employees not to open executable attachments they may receive
Show solution
Correct answers: B – Explanation:
Anti-malware policies in EOP filter attachments by file extension type, blocking dangerous executables before they reach any user mailbox regardless of sender. Training alone is insufficient because sophisticated attacks use social engineering to bypass even well-trained user judgment. Disabling all attachments prevents legitimate business file sharing alongside dangerous files. Azure Firewall operates at the network layer and does not inspect individual email attachment content at the EOP processing level. Source: Check Source
Get 816+ more questions with source-linked explanations
Every answer traces to the exact Microsoft documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated 16-Apr-26
Learn more...
What the MS-203 Messaging Administrator Associate exam measures
- Manage Organizational Settings and Resources (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Plan and Manage the Mail Transport Architecture (25–30%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Plan and Implement a Hybrid Configuration and Migration (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Secure the Messaging Environment (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
How to prepare for this exam
- Review the official exam guide to understand every objective and domain weight before you begin studying
- Complete the relevant Microsoft Learn learning path to build a structured foundation across all exam topics
- Get hands-on practice in an Azure free-tier sandbox or trial environment to reinforce what you have studied with real configurations
- Apply your knowledge through real-world project experience — whether at work, in volunteer roles, or contributing to open-source initiatives
- Master one objective at a time, starting with the highest-weighted domain to maximize your score potential early
- Use PowerKram learn mode to study by individual objective and review detailed explanations for every question
- Switch to PowerKram exam mode to simulate the real test experience with randomized questions and timed conditions
Career paths and salary outlook
Earning this certification can open doors to several in-demand roles:
- Exchange Administrator: $95,000–$130,000 per year (based on Glassdoor and ZipRecruiter data)
- Messaging Engineer: $90,000–$125,000 per year (based on Glassdoor and ZipRecruiter data)
- Unified Communications Specialist: $100,000–$135,000 per year (based on Glassdoor and ZipRecruiter data)
Official resources
Microsoft provides comprehensive free training to prepare for the MS-203 Messaging Administrator Associate exam. Start with the official Microsoft Learn learning path for structured, self-paced modules covering every exam domain. Review the exam study guide for the complete skills outline and recent updates.