HOTSPOT -
You have a hybrid Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You have an Azure Virtual Desktop host pool. All the session hosts have a folder named C:\Folder1.
You create an FSLogix Application Masking rule as shown in the following exhibit.
You create assignments for the Application Masking rule as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
References:
https://docs.microsoft.com/en-us/fslogix/application-masking-rules-ht https://docs.microsoft.com/en-us/fslogix/application-masking-users-groups-ht
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have the following:
✑ A Microsoft 365 E5 tenant
✑ An on-premises Active Directory domain
✑ A hybrid Azure Active Directory (Azure AD) tenant
✑ An Azure Active Directory Domain Services (Azure AD DS) managed domain
✑ An Azure Virtual Desktop deployment
The Azure Virtual Desktop deployment contains personal desktops that are hybrid joined to the on-premises domain and enrolled in Microsoft Intune.
You need to configure the security settings for the Microsoft Edge browsers on the personal desktops.
Solution: You configure a Group Policy Object (GPO) in the Azure AD DS managed domain.
Does this meet the goal?
B
Reference:
https://www.compete366.com/blog-posts/eight-tips-on-how-to-manage-azure-virtual-desktop-avd/
You have an Azure Virtual Desktop deployment and the users shown in the following table.
All the users plan to use a web browser to access Azure Virtual Desktop resources.
Which users can connect to Azure Virtual Desktop by using their preferred browser?
C
Connect to Azure Virtual Desktop with the web client, supported browsers.
While any HTML5-capable browser should work, we officially support the following operating systems and browsers:
Mozilla Firefox - Windows, macOS, Linux (User1)
Apple Safari - macOS (User3)
Note: There is no answer option for User1 and User3 only, so we go for User1, User2 and User3.
Incorrect:
Internet Explorer not supported (not User2)
As of September 30, 2021, the Azure Virtual Desktop web client no longer supports Internet Explorer. We recommend that you use Microsoft Edge to connect to the web client instead.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/user-documentation/connect-web
Your on-premises network contains 20 Windows 10 devices.
You have an Azure Virtual Desktop deployment.
You need to deploy the Microsoft Remote Desktop client (MSRDC) to the devices. The MSRDC must be available to everyone who sign in to the devices.
What should you do?
A
Although your users can install the client directly after downloading it, if you're deploying to multiple devices, you may want to also deploy the client to them through other means. Deploying using group policies or the Microsoft Endpoint Configuration Manager lets you run the installer silently using a command line. Run the following commands to deploy the client per-device or per-user.
Per-device installation -
msiexec.exe /I <path to the MSI> /qn ALLUSERS=1
Incorrect:
Per-user installation -
msiexec.exe /i `<path to the MSI>` /qn ALLUSERS=2 MSIINSTALLPERUSER=1
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-admin
Your network contains an on-premises Active Directory domain named contoso.com.
You have an Azure subscription that contains the resources shown in the following table.
You need to create a share that will host FSLogix profiles for AVDPool1. The solution must meet the following requirements:
* Maximize read and write performance for the profiles.
* Control access to the SMB share by using the users and groups stored in contoso.com.
Which account should you use to host the share?
A
You can create FSLogix profile containers using Azure NetApp Files, an easy-to-use Azure native platform service that helps customers quickly and reliably provision enterprise-grade SMB volumes for their Azure Virtual Desktop environments.
We [Microsoft] recommend using FSLogix profile containers as a user profile solution for the Azure Virtual Desktop service. FSLogix profile containers store a complete user profile in a single container and are designed to roam profiles in non-persistent remote computing environments like Azure Virtual Desktop.
Create and manage Active Directory connections for Azure NetApp Files.
Azure NetApp Files supports both Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (AADDS) for AD connections.
Incorrect:
Not C: Not the preferred solution.
Note: You can create an Azure file share authenticated by a domain controller on an existing Azure Virtual Desktop host pool. You can use this file share to store storage profiles.
Assign Azure RBAC permissions to Azure Virtual Desktop users
All users that need to have FSLogix profiles stored on the storage account must be assigned the Storage File Data SMB Share Contributor role.
Users signing in to the Azure Virtual Desktop session hosts need access permissions to access your file share. Granting access to an Azure File share involves configuring permissions both at the share level as well as on the NTFS level, similar to a traditional Windows share.
To configure share level permissions, assign each user a role with the appropriate access permissions. Permissions can be assigned to either individual users or an Azure AD group.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container https://docs.microsoft.com/en-us/azure/azure-netapp-files/create-active-directory-connections https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share
Your network contains an on-premises Active Directory domain named contoso.com that syncs to an Azure Active Directory (Azure AD) tenant.
You have an Azure Virtual Desktop host pool named Pool1 that has the following settings:
* Host pool name: Pool1
* Host pool type: Personal
* Number of VMs: 3
The session hosts have the following configurations:
* Image used to create the virtual machines: Windows 10 Enterprise8
* Virtual machines domain-joined to: On-premises contoso.com domain
You need to ensure that you can use Microsoft EndPoint Manager to manage security updates on the session hosts.
What should you do?
D
Azure Virtual Desktop multi-session with Microsoft Intune is now generally available.
You can now use Microsoft Intune to manage Windows 10 or Windows 11 Enterprise multi-session remote desktops in the Microsoft Endpoint Manager admin center just as you can manage a shared Windows 10 or Windows 11 client device. When managing such virtual machines (VMs), you'll be able to use both device-based and user configuration.
Prerequisites -
This feature supports Windows 10 or Windows 11 Enterprise multi-session VMs, which include:
* Hybrid Azure AD-joined and enrolled in Microsoft Intune using one of the following methods:
Configured with Active Directory group policy, set to use Device credentials, and set to automatically enroll devices that are Hybrid Azure AD-joined.
Configuration Manager co-management.
* Etc.
Incorrect: Not related to load balancing.
Set up as remote desktops in pooled host pools that have been deployed through Azure Resource Manager.
Azure Virtual Desktop supports two load-balancing algorithms. Each algorithm determines which session host will host a user's session when they connect to a resource in a host pool.
The following load-balancing algorithms are available in Azure Virtual Desktop:
Breadth-first load balancing allows you to evenly distribute user sessions across the session hosts in a host pool.
Depth-first load balancing allows you to saturate a session host with user sessions in a host pool. Once the first session host reaches its session limit threshold, the load balancer directs any new user connections to the next session host in the host pool until it reaches its limit, and so on.
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop-multi-session https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
HOTSPOT -
You create an Azure Virtual Desktop host pool as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: 50 -
Max session limit is set to 10.
This is the maximum number of concurrent sessions on a host. For depth-first, once a VM hits 10 users, then the next VM will begin accepting users.
There are 5 VMs, so the maximum number of concurrent user sessions is 50 (10x5).
Box 2: On the same session host -
The load balancing algorithm is set to depth-first.
The five user sessions will be created on the first session host.
Note: Depth-first load balancing allows you to saturate a session host with user sessions in a host pool. Once the first session host reaches its session limit threshold, the load balancer directs any new user connections to the next session host in the host pool until it reaches its limit, and so on.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing https://deviceadvice.io/2021/03/30/how-to-create-pooled-shared-windows-virtual-desktop-environment/
You have an Azure Virtual Desktop deployment that contains a host pool. The host pool contains 15 session hosts. All the sessions hosts have FSLogix installed.
You need to configure the path to where the user profiles are stored. The solution must minimize administrative effort.
Which registry setting should you use?
A
You have an Azure Virtual Desktop deployment that contains a host pool. The host pool contains 10 session hosts. The session hosts are configured by using a custom image and ephemeral disks.
You need to deploy Microsoft OneDrive for Business.
Which two actions should you perform for each session host? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
AB
You have an Azure Virtual Desktop deployment that contains a session host named Host1.
You need to configure Windows Defender Firewall to allow inbound network traffic for RDP Shortpath on Host1.
Which program in the C:\Windows\System32 folder should you specify in the inbound firewall rule?
D
