Your company has a System Center Configuration Manager deployment that uses hybrid mobile device management (MDM). All Windows 10 devices are Active
Directory domain-joined.
You plan to migrate from hybrid MDM to Microsoft Intune standalone.
You successfully run the Intune Data Importer tool.
You need to complete the migration.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
BC
Reference:
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-hybridmdm-to-intunesa https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-prepare-intune
Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune.
Currently, Windows updates are downloaded without using Delivery Optimization.
You need to configure the computers to use Delivery Optimization.
What should you create in Intune?
Answer:
A
With Intune, use Delivery Optimization settings for your Windows devices to reduce bandwidth consumption when those devices download applications and updates. Configure Delivery Optimization as part of your device configuration profiles.
Reference:
https://docs.microsoft.com/en-us/intune/delivery-optimization-windows
You have 500 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You plan to distribute certificates to the computers by using Simple Certificate Enrollment Protocol (SCEP).
You have the servers shown in the following table.
NDES issues certificates from the subordinate CA.
You are configuring a device profile as shown in the exhibit. (Click the Exhibit tab.)
On which server is the required root certificate located?
Answer:
C
As NDES issues certificates from the subordinate CA located at Server3, the root certificate should be used for Server3.
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You redirect Windows known folders to Microsoft OneDrive for Business.
Which folder will be included in the redirection?
Answer:
B
Reference:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders
You have a Microsoft Azure Active Directory (Azure AD) tenant. All corporate devices are enrolled in Microsoft Intune.
You have a web-based application named App1 that uses Azure AD to authenticate.
You need to prompt all users of App1 to agree to the protection of corporate data when they access App1 from both corporate and noncorporate devices.
What should you configure?
Answer:
C
Use an Intune terms and conditions policy to present relevant disclaimers for legal or compliance requirements to device users. A terms and conditions policy requires targeted users to accept your terms in Company Portal before they can enroll devices or access protected resources.
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/terms-and-conditions-create
You are creating a device configuration profile in Microsoft Intune.
You need to configure specific OMA-URI settings in the profile.
Which profile type should you use?
Answer:
B
Windows client custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features. These settings are typically used by mobile device manufacturers to control features on the device.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/custom-settings-windows-10
DRAG DROP -
You have an Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain.
The tenant contains computers that run Windows 10. The computers are hybrid Azure AD joined and enrolled in Microsoft Intune. The Microsoft Office settings on the computers are configured by using a Group Policy Object (GPO).
You need to migrate the GPO to Intune.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Step 1: Create a configuration profle
Create the template -
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Devices > Configuration profiles > Create profile.
3. Etc.
Step 2: Configure the Administrative Template settings.
Find some settings. There are thousands of settings available in these templates.
Step 3: Assign the profile.
The template is created, but may not be doing anything yet. Be sure to assign the template (also called a profile) and monitor its status.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-windows
HOTSPOT -
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains a user named User1 and two computers named
Computer1 and Computer2 that run Windows 10.
User1 is configured as shown in the following exhibit.
You rename file \\Server1\Profiles\User1.V6\NTUSER.DAT as NTUSER.MAN.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
The .man extension causes the user profile to be a read-only profile.
Reference:
https://docs.microsoft.com/en-us/windows/client-management/mandatory-user-profile
You have a Windows 10 device named Device1 that is joined to Active Directory and enrolled in Microsoft Intune.
Device 1 is managed by using Group Policy and Intune.
You need to ensure that the Intune settings override the Group Policy settings.
What should you configure?
Answer:
A
Creating the policy -
Let's create a new policy in Intune to control the GP vs. MDM winner
1. Navigate to portal.azure.com and locate Intune
2. Select ג€Device configuration ֳ Profiles ֳ Create profileג€
3. Under Platform select Windows 10 and later
4. Under Profile type select ג€customג€ and ג€addג€
5. Name the custom setting with something intuitive
6. For OMA-URI add the policy OMA-URI string: ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP
7. For Data type select Integer and add the number
Note: The following describes which policy wins according to Windows 10 version.
Windows 10 versions 1709 and earlier Group Policy will override MDM policies, even if an identical policy is configured in MDM.
Windows 10 version 1803 and beyond there is a new Policy CSP (configuration service provider) setting called ControlPolicyConflict that includes the policy of
MDMWinsOverGP, where the preference of which policy wins can be controlled, i.e. Microsoft Intune MDM policy.
Note 2: the ControlPolicyConflict policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy
(GP) are set on the device.
Reference:
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict https://uem4all.com/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/
You use a Microsoft Intune subscription to manage iOS devices.
You configure a device compliance policy that blocks jailbroken iOS devices.
You need to enable Enhanced jailbreak detection.
What should you configure?
Answer:
A
Compliance policy settings include the following settings:
* Enhanced jailbreak detection (applies only to iOS/iPadOS)
* Etc.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
