Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD).
You have a Microsoft 365 subscription.
You create a conditional access policy for Microsoft Exchange Online.
You need to configure the policy to prevent access to Exchange Online unless a user is connecting from a device that is hybrid Azure AD-joined.
Which settings should you configure?
Answer:
D
The device state condition was used to exclude devices that are hybrid Azure AD joined and/or devices marked as compliant with a Microsoft Intune compliance policy from an organization's Conditional Access policies.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#device-state
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You redirect Windows known folders to Microsoft OneDrive for Business.
Which folder will be included in the redirection?
Answer:
B
There are two primary advantages of moving or redirecting Windows known folders (Desktop, Documents, Pictures, Screenshots, and Camera Roll) to Microsoft OneDrive for the users in your domain:
✑ Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive.
✑ Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device.
Reference:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders
You have a Microsoft 365 subscription.
You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group named Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit.
You create a compliance policy.
You need to ensure that the users are authenticated only if they are using a compliant device.
What should you configure in the conditional access policy?
Answer:
A
The device state condition can be used to exclude devices that are hybrid Azure AD joined and/or devices marked as compliant with a Microsoft Intune compliance policy from an organization's Conditional Access policies.
Device state is located on the Condition tab.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#device-state
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. User1 has the devices shown in the following table.
Enterprise State Roaming is configured for User1.
User1 signs in to Device4 and changes the desktop.
You need to identify on which devices User1 will have a changed desktop.
Which devices should you identify?
Answer:
E
The requirements of Enterprise State Roaming are:
✑ Windows 10, with the latest updates, and a minimum Version 1511 (OS Build 10586 or later) is installed on the device.
✑ The device is Azure AD joined or hybrid Azure AD joined.
✑ Ensure that Enterprise State Roaming is enabled for the tenant in Azure AD.
✑ The user is assigned an Azure Active Directory Premium license.
✑ The device must be restarted and the user must sign in again to access Enterprise State Roaming features.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-troubleshooting
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains two computers named Computer1 and Computer2. The computers run Windows 10 and are members of a group named GroupA.
The tenant contains a user named User1 that is a member of a group named Group1.
You need to ensure that if User1 changes the desktop background on Computer1, the new desktop background will appear when User1 signs in to Computer2.
What should you do?
Answer:
C
Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-enable
You have a Microsoft 365 tenant that contains the devices shown in the following table.
You need to assign app protection settings to the devices.
What is the minimum number of app protection policies required?
Answer:
B
One for Android, and one for iOS/iPadOS.
When you create an app protection policy for iOS/iPadOS and Android apps, you follow a modern Intune process flow that results in a new app protection policy.
Create an iOS/iPadOS or Android app protection policy.
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Apps > App protection policies. This selection opens the App protection policies details, where you create new policies and edit existing policies.
3. Select Create policy and select either iOS/iPadOS or Android. The Create policy pane is displayed.
4. Etc.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies
You have the following types of devices enrolled in Microsoft Intune:
✑ Windows 10
✑ Android
✑ iOS
For which types of devices can you create VPN profiles in Microsoft Endpoint Manager?
Answer:
D
You can create VPN profiles for Android, Android Enterprise, iOS/iPadOS, macOS, Windows 10 and later, and Windows 8.1 devices.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-android
HOTSPOT -
You have a Microsoft 365 tenant that uses Microsoft Intune to manage the devices shown in the following table.
You need to deploy a compliance solution that meets the following requirements:
✑ Marks the devices as Not Compliant if they do not meet compliance policies
✑ Remotely locks noncompliant devices
What is the minimum number of compliance policies required, and which devices support the remote lock action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Box 1: 4
Windows, Android Enterprise, Android, and one for iOS/iPadOS.
Box 2: Device2, Device3, Device4, and Device5
Remote lock is supported for the following platforms:
✑ Android
✑ Android Enterprise kiosk devices
✑ Android Enterprise work profile devices
✑ Android Enterprise fully managed devices
✑ Android Enterprise corporate-owned with work profile devices
✑ iOS
✑ macOS
Reference:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/device-remote-lock
You have a Microsoft 365 tenant that contains the devices shown in the following table.
The devices are managed by using Microsoft Intune.
You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.
You discover that devices that are not members of Group1 are shown as Compliant.
You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.
What should you do?
Answer:
B
There are two parts to compliance policies in Intune:
✑ Compliance policy settings: Tenant-wide settings that are like a built-in compliance policy that every device receives. Compliance policy settings set a baseline for how compliance policy works in your Intune environment, including whether devices that haven't received any device compliance policies are compliant or noncompliant.
✑ Device compliance policy: Platform-specific rules you configure and deploy to groups of users or devices. These rules define requirements for devices, like minimum operating systems or the use of disk encryption. Devices must meet these rules to be considered compliant.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
Your network contains an Active Directory domain. The domain contains 5,000 computers that run Windows 10.
All users use Roaming User Profiles.
Some users report that it takes a long time to sign in to the computers.
You discover that the users have user profiles that are larger than 1 GB.
You need to reduce the amount of time it takes for the users to sign in.
What should you configure?
Answer:
A
Folder Redirection and Offline Files are used together to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. Roaming User Profiles is used to redirect a user profile to a network location.
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview