Building Applications and Solutions with Microsoft 365 Core Services

Here you have the best Microsoft MS-600 practice exam questions

  • You have 245 total questions across 49 pages (5 per page)
  • These questions were last updated on February 11, 2026
  • This site is not affiliated with or endorsed by Microsoft.
Question 1 of 245
HOTSPOT -
You are developing an interactive invoicing application that will be used by end users. The application will have the following features:
✑ Save invoices generated by a user to the user's OneDrive for Business.
✑ Email daily automated reminders.
You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.
Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Exam MS-600: Question 1 - Image 1
Answer

Suggested Answer

Microsoft identity platform supports two types of permissions: delegated permissions and application permissions.

Box 1: Delegated -
✑ Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app is delegated permission to act as the signed-in user when making calls to the target resource.

Box 2: Application -
✑ Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons.
Application permissions can only be consented by an administrator.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent Exam MS-600: Question 1 - Image 2
Question 2 of 245
You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.
Which type of authorization flow should you use?
Answer

Suggested Answer

The suggested answer is A.

In web server apps, the sign-in authentication flow takes these high-level steps:
Exam MS-600: Question 2 - Image 1
You can ensure the user's identity by validating the ID token with a public signing key that is received from the Microsoft identity platform endpoint. A session cookie is set, which can be used to identify the user on subsequent page requests.
In addition to simple sign-in, a web server app might need to access another web service, such as a REST API. In this case, the web server app engages in a combined OpenID Connect and OAuth 2.0 flow, by using the OAuth 2.0 authorization code flow.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types A
Community Votes

No votes yet

Join the discussion to cast yours

Question 3 of 245
You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService.
The permissions for the TodoList SPA API are configured as shown in the TodoList SPA exhibit. (Click the TodoListSPA tab.)
Exam MS-600: Question 3 - Image 1
The permissions for the TodoListService API are configured as shown in the TodoListService exhibit. (Click the TodoListService tab.)
Exam MS-600: Question 3 - Image 2
You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege.
Which permission should to grant?
Answer

Suggested Answer

The suggested answer is B.

In order to ensure TodoListService can access a Microsoft OneDrive file of the signed-in user while adhering to the principle of least privilege, you should grant the Sites.Read.All delegated permission for TodoListSPA. This allows the single-page application (SPA) to access the desired OneDrive files on behalf of the user without over-privileging the service to access all files in the tenant. The solution requires permission on behalf of the user, which is best achieved through delegated permissions for the SPA.

Community Votes

No votes yet

Join the discussion to cast yours

Question 4 of 245
You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.
Which two values does the single-tenant app require to obtain tokens from the token endpoint for the Microsoft identity platform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer

Suggested Answer

The suggested answer is A, C.

C: The required client_id is the Application (client) ID that the Azure portal ג€" App registrations experience assigned to your app.
E: The authorization code flow begins with the client directing the user to the /authorize endpoint.
Exam MS-600: Question 4 - Image 1
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow CE
Community Votes

No votes yet

Join the discussion to cast yours

Question 5 of 245
HOTSPOT -
You are developing a single-page application (SPA).
You plan to access user data from Microsoft Graph by using an AJAX call.
You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Exam MS-600: Question 5 - Image 1
Answer

Suggested Answer

Box 1: loginPopup -

Box 2: acquireTokenSilent -
The pattern for acquiring tokens for APIs with MSAL.js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a valid token exists and returns it. When no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. This method also allows the library to renew tokens.

Box 3: acquireTokenPopup -
//AcquireToken Failure, send an interactive request.
Example:
userAgentApplication.loginPopup(applicationConfig.graphScopes).then(function (idToken) {
//Login Success
userAgentApplication.acquireTokenSilent(applicationConfig.graphScopes).then(function (accessToken) {
//AcquireToken Success
updateUI();
}, function (error) {
//AcquireToken Failure, send an interactive request.
userAgentApplication.acquireTokenPopup(applicationConfig.graphScopes).then(function (accessToken) { updateUI();
}, function (error) {
console.log(error);
});
})
}, function (error) {
console.log(error);
});
Reference:
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/339 Exam MS-600: Question 5 - Image 2

About the Microsoft MS-600 Certification Exam

About the Exam

The Microsoft MS-600 (Building Applications and Solutions with Microsoft 365 Core Services) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 245 practice questions across 49 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our MS-600 questions are regularly updated to reflect the latest exam objectives.