Interview preparation

-

 

1. Tell me about your experience.

Answer:
I have 7 years of experience in IT infrastructure and messaging systems, with 4 years specifically focused on Microsoft 365 and Exchange administration. I have worked on Exchange Online, hybrid deployments, mailbox migrations, mail flow management, security configurations, and troubleshooting complex issues. I also have experience managing Azure AD, Teams, SharePoint Online, and implementing security and compliance policies in Microsoft 365.

2. What is the difference between Exchange Online and On-Premises Exchange?

Answer:
Exchange Online is a cloud-based email service hosted by Microsoft as part of Microsoft 365, while On-Premises Exchange is hosted on local servers within an organization’s data center.

Key differences:

  • Infrastructure management is handled by Microsoft in Exchange Online.

  • Scalability and high availability are built-in for cloud.

  • On-Prem requires server maintenance, patching, backups.

  • Hybrid setup allows integration of both environments.

3. What is Hybrid Exchange deployment?

Answer:
Hybrid deployment connects On-Premises Exchange with Exchange Online, allowing seamless coexistence. It enables:

  • Free/Busy sharing

  • Mailbox migration

  • Centralized mail flow

  • Single sign-on (SSO)

It is configured using Hybrid Configuration Wizard and integrates with Azure AD for identity synchronization.

4. How do you migrate mailboxes to Exchange Online?

Answer:
Mailbox migration can be done using:

  • Cutover migration (small environments)

  • Staged migration

  • Hybrid migration (for large enterprises)

Steps include:

  1. Verify domain in Microsoft 365

  2. Configure Azure AD Connect

  3. Create migration endpoint

  4. Create migration batch

  5. Monitor and complete migration

  6. Update DNS (MX records)

5. How do you troubleshoot mail flow issues?

Answer:
I follow these steps:

  • Check message trace in Exchange Admin Center

  • Verify MX records

  • Check mail flow rules (transport rules)

  • Review connectors (inbound/outbound)

  • Check spam filtering and quarantine

  • Use PowerShell commands like:

    • Get-MessageTrace

    • Test-Mailflow

6. What are mail flow rules (Transport Rules)?

Answer:
Mail flow rules in Exchange Online control how emails are processed. They can:

  • Add disclaimers

  • Block specific keywords

  • Redirect emails

  • Apply DLP policies

  • Enforce compliance rules

They are configured in Exchange Admin Center or via PowerShell.

7. What is Azure AD Connect?

Answer:
Azure AD Connect synchronizes on-premises Active Directory with Microsoft Entra ID (formerly Azure AD).
It enables:

  • Identity synchronization

  • Password hash sync

  • Pass-through authentication

  • Hybrid identity management

8. How do you manage security in Microsoft 365?

Answer:
Security is managed through:

  • Multi-Factor Authentication (MFA)

  • Conditional Access policies

  • Anti-phishing & anti-malware policies

  • Safe Links & Safe Attachments

  • Data Loss Prevention (DLP)

  • Role-Based Access Control (RBAC)

These are configured in Microsoft 365 Defender and compliance portals.

9. What is the difference between Distribution Group and Microsoft 365 Group?

Answer:

Distribution Group:

  • Used only for email distribution

  • No collaboration tools

Microsoft 365 Group:

  • Provides shared mailbox

  • SharePoint site

  • Teams integration

  • Planner

  • OneDrive storage

It supports collaboration across services.

10. How do you handle mailbox permission issues?

Answer:
I use PowerShell commands like:

  • Get-MailboxPermission

  • Add-MailboxPermission

  • Remove-MailboxPermission

  • Add-RecipientPermission

I verify:

  • Full Access

  • Send As

  • Send on Behalf permissions
    Then test access and confirm replication.

11. What is Retention Policy in Microsoft 365?

Answer:
Retention policies help organizations retain or delete content based on compliance requirements.
They can:

  • Retain content for specific years

  • Automatically delete after retention period

  • Apply to mailboxes, SharePoint, Teams

Configured under Microsoft 365 Compliance Center.

12. How do you monitor Microsoft 365 environment health?

Answer:

  • Service Health Dashboard

  • Message Trace

  • Audit Logs

  • Azure AD Sign-in logs

  • Security & Compliance alerts

  • PowerShell reporting

13. Scenario Question:

User cannot send emails externally. What will you check?

Answer:

  • Mailbox quota

  • Mail flow rules blocking external mail

  • Outbound spam policy

  • Connector configuration

  • DNS (SPF, DKIM, DMARC)

  • Check message trace for failure reason

14. What PowerShell modules do you use?

Answer:

  • Exchange Online PowerShell (EXO V2 module)

  • MSOnline module

  • AzureAD module

  • Microsoft Graph (modern management)

  • ✅ Scenario 1: Emails are delayed for multiple users.

    What will you check?

    Answer (Structured Approach):

    1. Check Service Health in Microsoft 365 Admin Center

    2. Run Message Trace in Exchange Admin Center

    3. Verify connectors (inbound/outbound)

    4. Check mail queue (if Hybrid – on-prem transport server)

    5. Review throttling or spam filtering policies

    6. Validate DNS (MX, SPF)

    If hybrid:

    • Check Edge/Hub transport queue using Get-Queue

    • Restart transport services if required

    ✅ Scenario 2: User mailbox suddenly missing emails.

    Answer:

    1. Check Deleted Items / Recoverable Items

    2. Run Search-Mailbox or Content Search

    3. Verify retention policy

    4. Check mailbox audit logs

    5. Confirm if any inbox rule moved emails

    6. Review if mailbox was converted (shared/resource)

    ✅ Scenario 3: User cannot login after password reset (Hybrid).

    Answer:

    1. Check Azure AD Connect sync status

    2. Force delta sync:

      Start-ADSyncSyncCycle -PolicyType Delta

    3. Verify account not locked in on-prem AD

    4. Check Sign-in logs in Microsoft Entra ID

    5. Validate Conditional Access policies

    ✅ Scenario 4: External users receiving NDR (550 5.7.1).

    Answer:

    • Check anti-spam policy

    • Review blocked senders list

    • Verify SPF, DKIM, DMARC

    • Check connector restrictions

    • Message trace for rejection reason

    🔹 2. L2/L3 Advanced Troubleshooting Questions

    ✅ Q1: How do you troubleshoot Free/Busy not working in Hybrid?

    Answer:

    • Validate federation trust

    • Check Organization Relationship

    • Run:

      Test-FederationTrust
Test-OrganizationRelationship

    • Verify Autodiscover record

    • Check OAuth configuration

    ✅ Q2: Mailbox migration stuck at syncing.

    Answer:

    • Check migration batch status

    • Run:

      Get-MoveRequestStatistics

    • Review bad item limit

    • Check network bandwidth

    • Restart move request if needed

    ✅ Q3: How do you troubleshoot high CPU on Exchange Online PowerShell session?

    Answer:

    • Check for large scripts running

    • Reduce parallel sessions

    • Use EXO V2 module (modern auth)

    • Optimize PowerShell filters

    ✅ Q4: Difference between Soft Delete and Hard Delete?

    Answer:

    TypeDescription
    Soft DeleteUser deleted, recoverable within 30 days
    Hard DeletePermanently removed after retention period

    🔹 3. Hybrid & Migration Deep-Dive Questions

    ✅ Q1: Explain Hybrid mail flow architecture.

    Answer:
    In Hybrid:

    • On-prem Exchange handles internal mail

    • Exchange Online handles cloud mailboxes

    • Connectors manage secure mail routing

    • Azure AD Connect syncs identities

    • OAuth ensures secure communication

    ✅ Q2: What happens when you move mailbox from On-Prem to Exchange Online?

    Answer:

    • Mailbox converted to Remote Mailbox

    • TargetAddress updated

    • Mail routing changes to cloud

    • Autodiscover updated

    • LegacyDN preserved to avoid NDR

    ✅ Q3: What are migration types?

    Answer:

    • Cutover Migration

    • Staged Migration

    • Hybrid Migration

    • IMAP Migration

    ✅ Q4: How do you decommission Exchange after full cloud migration?

    Answer:

    1. Confirm no on-prem mailboxes

    2. Remove Hybrid configuration

    3. Decommission Exchange servers carefully

    4. Keep one Exchange server if AD schema management needed

    5. Remove connectors & update DNS

    🔹 4. Managerial Round Questions

    ✅ Q1: How do you handle escalation from L1?

    Answer:

    • Understand issue clearly

    • Review troubleshooting steps already taken

    • Avoid repeating steps

    • Provide RCA (Root Cause Analysis)

    • Share KB documentation for prevention

    ✅ Q2: How do you manage major incident?

    Answer:

    • Identify impact scope

    • Inform stakeholders

    • Engage Microsoft support if needed

    • Provide regular updates

    • Conduct post-incident RCA

    ✅ Q3: How do you prioritize tasks?

    Answer:

    • P1: Business critical outage

    • P2: Multiple users affected

    • P3: Single user issue

    • P4: Service requests

    Use SLA-driven approach.

    ✅ Q4: Have you handled change management?

    Answer Sample:
    Yes, I have implemented mailbox migrations, transport rule changes, and security policies via change management process including:

    • Risk assessment

    • Backout plan

    • CAB approval

    • Post-change validation

    🔹 5. Resume-Based Q&A Preparation

    Since you have 4 years in Microsoft 365, be ready for:

    If your resume says: “Managed 2000+ mailboxes”

    They may ask:
    👉 How did you manage bulk operations?

    Answer:

    • Used PowerShell bulk scripts

    • CSV imports

    • Automated license assignment

    • RBAC roles delegation

    If your resume says: “Implemented Security Policies”

    They may ask:
    👉 What policies exactly?

    Answer:

    • MFA enforcement

    • Conditional Access

    • Anti-phishing policy

    • Safe Attachments

    • DLP policies

    If your resume says: “Handled Migration”

    They may ask:
    👉 What challenges did you face?

    Answer:

    • Throttling

    • Corrupt mail items

    • Network latency

    • DNS propagation delay

    • End-user Outlook reconfiguration

    🔥 BONUS: Very Tough L3 Questions

    1. Explain OAuth in Hybrid.

    2. What is Modern Authentication?

    3. How does Autodiscover work?

    4. Explain Exchange transport pipeline.

    5. Difference between EOP and Defender for Office 365.

    6. How does mailbox database architecture work in cloud?


Popular posts from this blog

Autodiscover

-
  "Autodiscovery" (or  Autodiscover , more precisely in Microsoft terms) is a service that automatically configures email clients, mainly Outlook, to connect to mailboxes without users having to enter all the settings manually. 💡  What is Autodiscover? Autodiscover  is a Microsoft Exchange service that provides configuration information to email clients (like Outlook or mobile devices) so they can set themselves up with minimal user input. 🔧  What Does Autodiscover Do? When a user enters just their  email address and password , Autodiscover helps the client automatically find: Mail server addresses (Exchange or Microsoft 365) Mailbox settings Calendar and contact URLs Offline address book (OAB) settings Outlook Anywhere settings Unified Messaging (if used) Internal and external URLs 🧠  How It Works (Simplified Flow): User opens Outlook and enters their email address + password. Outlook sends a request to the  Autodiscover service : Tries a few ...
Read more

MX Record

-
  📬 What is an  MX Record ? MX  stands for  Mail Exchange . An  MX record  is a type of  DNS (Domain Name System)  record that tells the internet  where to deliver email  for your domain. MX record is used to recieve emails form external doamin. Control email FLOW Load Balancing Basically, it says: "If someone sends an email to  you@yourdomain.com , deliver it to this mail server." 🧭 Why is an MX Record Important? Without an MX record: Emails sent to your domain won't know  where  to go Mail will bounce or get lost With a correct MX record: Emails are properly routed to your mail provider (like Microsoft 365, Gmail, etc.) 🔧 Example If you're using  Microsoft 365 , your domain's MX record might look like: vbnet Copy Edit Type: MX Name: @ Priority: 0 Points to : yourdomain-com.mail.protection.outlook.com This tells the world: "Send all email for  @yourdomain.com  to Microsoft's mail servers." 🎯 K...
Read more

Azure Active Directory (Azure AD)

-
  Azure Active Directory (Azure AD)  is Microsoft’s  cloud-based identity and access management service , which is the cloud counterpart to the traditional  on-premises Active Directory (AD) . While  Active Directory (AD)  is designed for managing users, groups, and devices within an organization's  internal network ,  Azure AD  extends this functionality to manage identities across cloud-based resources, applications, and services. Azure AD helps organizations manage user access to cloud services (like  Office 365 ,  Azure services ,  third-party apps , etc.) and provides features like  Single Sign-On (SSO) ,  Multi-Factor Authentication (MFA) , and more — all while maintaining security and compliance in the cloud. Key Differences Between Active Directory (AD) and Azure Active Directory (Azure AD): Deployment Location : AD  is  on-premises , running in an organization's internal network. Azure AD  is...
Read more