HOTSPOT
You have an Office 365 subscription.
The Office 365 organization contains five temporary administrators. The administrators are members of
multiple role groups.
You need to create a script that prevents the temporary administrators from performing administrative tasks
from the Office 365 admin center. The solution must meet the following requirements:
Provide the ability to reestablish administrative access to the temporary administrators within 14 days.
Release the Office 365 licenses assigned to the temporary administrators.
Which cmdlet should you run? To answer, select the appropriate options in the answer area.
Hot Area:
Answer: 
Explanation:
The Set-MsolUserLicense cmdlet can be used to adjust the licenses for a user. This can include adding a new
license, removing a license, updating the license options, or any combination of these actions.
Example:
The following command removes the for enterprises license from the user. This may result in the user’s data
being removed from each service.
Set-MsolUserLicense -UserPrincipalName user@contoso.com -RemoveLicenses
“contoso:ENTERPRISEPACK”
https://msdn.microsoft.com/en-us/library/azure/dn194094(v=azure.98).aspx
Wrong, without à licence you can still log in to portal.office.com and perform administrative tasks, you do not need à licence for that!
0
0
Agree with Chris. the command should be:
Remove-msoluser and -RemoveLicenses
After removing a user, you have 14 days to recover/restore it.
Not sure if the -RemoveLicenses need to be specified when removing a user.
0
0
Nowhere does it state though that the users(-accounts) have to be removed though. Only that administrative privileges should be removed for the time being. Remove-msoluser is not the way to go I imagine.
0
0
I think the answer is “Remove-MsolUser ” and “-Force”.
0
0
No, Maybe it’s Set-MsolUser -BlockCredential
https://technet.microsoft.com/en-us/library/mt628066.aspx
0
0
i agree
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluser?view=azureadps-1.0
This command sets block credential to $Tue for a user, which blocks them from being able to sign in. This cannot be done for a synced user.
0
0
Can someone confirm the answer please?
0
0
I have tested this
Created a new user and assigned it a license
Ran remove-msoluser -force
This has put the user into the recycle bin and given back the license.
The key points are that the license needs to be given back which this does
The accounts will only be inactive for 14 days so you can recover the account from the recycle bin easily, during the 14 days the admins won’t be able to login which meets the other requirement.
Running remove-msoluserlicense won’t stop the administrators from logging in as others have pointed out.
0
0
Set-msoluser -userprincipalname user1,… -BlockCredentials $true and then Set-msoluser -userprincipalname user1,… -BlockCredentials $false after 14 days. this is a clean way. Remove-user is a valid action but its depends on recycle bin 30 days limit to restore user account. If you just block it, recover account isn’t required
0
0
Set-msolUser cmdlet is NOT correct one because, this command sets block credential to $True for a user, which blocks them from being able to sign in. However, this cannot be done for a synced user 1, so it does not apply to our case.
0
0
Remove-MsolUser -UserPrincipalName “davidchew@contoso.com” -Force
This command removes davidchew@contoso.com from Azure Active Directory. If the user has any licenses, the cmdlet removes these.
Please check the following link to see the different types of remove……..
https://docs.microsoft.com/en-us/powershell/module/msonline/remove-msoluser?view=azureadps-1.0&viewFallbackFrom=azureadps-
1
0