Your on-premises network contains an Active Directory domain named contoso.com.
You perform the following actions:
• Purchase a new Microsoft 365 subscription.
• Create a new user named User1.
• Assign User1 the Security Administrator role.
You need to ensure that User1 can enable Conditional Access policies.
What should User1 do first?
Answer:
C
HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the users shown in the following table.
Group2 and Group3 are members of Group1.
All the users use Microsoft Excel.
From the Microsoft Endpoint Manager admin center, you create the policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
You have a Microsoft 365 E5 subscription.
You need to create a Conditional Access policy to ensure that when a user accesses the Microsoft 365 portal, the user will be prompted to sign in again after seven days.
What should you configure to specify the sign-in frequency?
Answer:
A
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to ensure that only applications that you explicitly allow can run on the computers.
What should you use?
Answer:
D
Application control can help mitigate these types of security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). Application control policies can also block unsigned scripts and MSIs, and restrict Windows PowerShell to run in Constrained Language Mode.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has several Windows 10 devices that are enrolled in Microsoft Intune.
You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.
You need to enroll Computer1 in Intune.
Solution: From Computer1, you sign in to https://portal.manage.microsoft.com and use the Devices tab.
Does this meet the goal?
Answer:
B
Use MDM enrollment.
MDM-only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active Directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
Your company has several Windows 10 devices that are enrolled in Microsoft Intune.
You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.
You need to enroll Computer1 in Intune.
Solution: You install the Company Portal app on Computer1 and use the Devices tab from the app.
Does this meet the goal?
Answer:
B
Use MDM enrollment.
MDM-only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active Directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
Your company has several Windows 10 devices that are enrolled in Microsoft Intune.
You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.
You need to enroll Computer1 in Intune.
Solution: From the Settings app on Computer1, you use the Connect to work or school account settings.
Does this meet the goal?
Answer:
B
Use MDM enrollment.
MDM-only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active Directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
HOTSPOT -
You have a Microsoft 365 subscription.
You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table.
You need to configure device enrollment to meet the following requirements:
• Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager.
• Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment.
Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Enrollment restrictions
As an Intune administrator, you can create and manage enrollment restrictions that define what devices can enroll into management with Intune, including the:
• Number of devices.
• Operating systems and versions.
Box 2: Device categories
To make managing devices easier, you can use Microsoft Intune device categories to automatically add devices to groups based on categories that you define.
Device categories use the following workflow:
• Create categories that users can choose from when they enroll their device.
• When users of iOS/iPadOS and Android devices enroll a device, they must choose a category from the list of categories you configured. To assign a category to a Windows device, users must use the Company Portal website.
• You can then deploy policies and apps to these groups.
• You can create any device categories you want. For example:
- Point-of-sale device
- Demonstration device
- Sales
- Accounting
- Manager
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping
HOTSPOT -
Your company has 1,000 Windows 10 devices that are enrolled in Windows Analytics.
You need to view the following information:
• The number of devices that are vulnerable to Spectre and Meltdown vulnerabilities
• The number of devices that have Windows Defender real-time protection turned off
Which Windows Analytics solutions should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Device Health
- Driver health
- App health (outside of a deployment plan)
- Frequently crashing devices or driver-induced crashes
- Windows sign-in health
- Windows Information Protection
- Support for Windows Server
Box 2: Device Health
Incorrect:
• Update Compliance
- Support for Windows Update for Business
- Delivery Optimization insights
- Support for Windows 10 long-term servicing channel (LTSC)
- Windows Insider reports
- Windows Defender status
• Upgrade Readiness
- Internet Explorer Site Discovery data
- Microsoft 365 Apps add-in insights (now available in Configuration Manager)
- Feedback Hub insights
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/faq
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).
You have the Windows 10 devices shown in the following table.
You need to ensure that you can use co-management to manage all the Windows 10 devices.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
CE
Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Microsoft Intune.
Co-management requires Configuration Manager version 1710 or later and enrollment in Microsoft Intune.
Windows 10 devices must be hybrid Azure AD joined.
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview