Exams > Microsoft > MD-101: Managing Modern Desktops
MD-101: Managing Modern Desktops
Page 9 out of 36 pages Questions 81-90 out of 360 questions
Question#81

Your company uses Microsoft Intune.
More than 500 Android and iOS devices are enrolled in the Intune tenant.
You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.
You need to ensure that the policies can target the devices based on their version of Android or iOS.
What should you configure first?

  • A. Corporate device identifiers in Intune
  • B. Device settings in Microsoft Azure Active Directory (Azure AD)
  • C. Device categories in Intune
  • D. Groups that have dynamic membership rules in Microsoft Azure Active Directory (Azure AD)
Discover Answer Hide Answer

Answer: D
We can create dynamic groups by using the deviceOSVersion or deviceOSType properties, and then apply Intune configuration policies to those groups.
Reference:
https://docs.microsoft.com/en-us/archive/blogs/pauljones/dynamic-group-membership-in-azure-active-directory-part-2 https://docs.microsoft.com/en-ie/mem/intune/enrollment/device-group-mapping

Question#82

You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to upgrade the computers to Windows 10 Enterprise.
What should you configure in Intune?

  • A. A device enrollment policy
  • B. A device cleanup rule
  • C. A device compliance policy
  • D. A device configuration profile
Discover Answer Hide Answer

Answer: D
Intune: Upgrade Windows Pro to Enterprise.
1. First, create a Microsoft Intune configuration policy. In the Azure Portal navigate to Microsoft Intune -> Device Configuration -> Profiles. Click Create Profile.
2. Next, create a new Windows 10 and later profile, with a type of Edition Upgrade. Click Settings
3. Etc.
Reference:
https://blogs.technet.microsoft.com/skypehybridguy/2018/09/21/intune-upgrade-windows-from-pro-to-enterprise-automatically/

Question#83

You are creating a device configuration profile in Microsoft Intune.
You need to implement an ADMX-backed policy.
Which profile type should you use?

  • A. Identity protection
  • B. Custom
  • C. Device restrictions
  • D. Device restrictions (Windows 10 Team)
Discover Answer Hide Answer

Answer: B
Ingest the Microsoft Edge ADMX file into Intune
To ingest the ADMX file, follow these steps:
1. Download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab) from the Microsoft Edge Enterprise landing page and extract the contents. The file that you want to ingest is msedge.admx.
2. Sign in to the Microsoft Azure portal.
3. Select Intune from All Services, or search for Intune in the portal search box.
4. From Microsoft Intune - Overview, select Device configuration | Profiles.
5. On the top command bar, select + Create profile.
6. Provide the following profile information:
Name: Enter a descriptive name. For this example, "Microsoft Edge ADMX ingested configuration".
Description: Enter an optional description for the profile.
Platform: Select "Windows 10 and later"
Profile type: Select "Custom"
7. On Custom OMA-URI Settings, click Add to add an ADMX ingestion.

8. Etc.
Reference:
https://docs.microsoft.com/en-us/deployedge/configure-edge-with-mdm

Question#84

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Contoso.com contains the devices shown in the following table.

In Intune, you create the app protection policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy

Question#85

Your network contains an Active Directory named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.
Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the Desktop folder are redirected to a network share.
User1 signs in to Computer1 and performs the following tasks:
✑ Configures screen saver to start after five minutes of inactivity
✑ Modifies the default save location for Microsoft Word
✑ Creates a file named File1.docx on the desktop
✑ Modifies the desktop background
What will be retained when User1 signs in to Computer2?

  • A. File1.docx and the desktop background only
  • B. File1.docx, the screen saver settings, the desktop background, and the default save location for Word
  • C. File1.docx only
  • D. File1.docx, the desktop background, and the default save location for Word only
Discover Answer Hide Answer

Answer: B
* Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share. Users interact with files in the redirected folder as if it still existed on the local drive. For example, you can redirect the Documents folder, which is usually stored on a local drive, to a network location. The files in the folder are then available to the user from any computer on the network.
* Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system and application settings on multiple computers.
When a user signs in to a computer by using an account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user signs out of the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. Typically, a network administrator enables Roaming User Profiles on domain accounts.
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview

Question#86

HOTSPOT -
You have a computer named Computer1 that runs Windows 10.
Computer1 has the users shown in the following table.

User1 signs in to Computer1, creates the following files, and then signs out:
✑ File1.docx in C:\Users\User1\Desktop
✑ File2.docx in C:\Users\Public\Public Desktop
✑ File3.docx in C:\Users\Default\ Desktop
User3 then signs in to Computer1 and creates a file named File4.docx in C:\Users\User3\Desktop.
User2 has never signed in to Computer1.
How many DOCX files will appear on the desktop of each user the next time each user signs in? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: 2 -
File1.docx (Created by User1) and File2.docx (public)

Box 2: 2 -
File2.docx (public) and File3.docx (default),

Box 3: 3 -
File2 (public) + File3 (Default, user1 creates File3 then User3 signs in) + File4 (desktop, user3)

Question#87

Your network contains an Active Directory domain named contoso.com. The domain contains 200 computers that run Windows 10.
Folder Redirection for the Desktop folder is configured as shown in the following exhibit.

The target is set to Server1.
You plan to use known folder redirection in Microsoft OneDrive for Business.
You need to ensure that the desktop content of users remains on their desktop when you implement known folder redirection.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Clear the Grant the user exclusive rights to Desktop check box.
  • B. Change the Policy Removal setting.
  • C. Disable Folder Redirection.
  • D. Clear the Move the contents of Desktop to the new location check box.
Discover Answer Hide Answer

Answer: AB
Reference:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders

Question#88

HOTSPOT -
You have a Microsoft 365 subscription.
All computers are enrolled in Microsoft Intune.
You have business requirements for securing your Windows 10 environment as shown in the following table.

What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: A conditional access policy
Box 2: A device compliance policy
Compliance policies in Intune:
Define the rules and settings that users and devices must meet to be compliant.
Include actions that apply to devices that are noncompliant. Actions for noncompliance can alert users to the conditions of noncompliance and safeguard data on noncompliant devices.
Can be combined with Conditional Access, which can then block users and devices that don't meet the rules.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

Question#89

HOTSPOT -
Your company has computers that run Windows 10. The employees at the company use the computers.
You plan to monitor the computers by using the Update Compliance solution.
You create the required resources in Azure.
You need to configure the computers to send enhanced Update Compliance data.
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 1: Configure the Commercial ID
All Group policies that need to be configured for Update Compliance are under Computer Configuration>Administrative Templates>Windows Components\Data
Collection and Preview Builds. All of these policies must be in the Enabled state and set to the defined Value below.
* Configure the Commercial ID
Identifies the device as belonging to your organization.
Box 2: Allow device name to be sent in Windows diagnostic data
* Allow device name to be sent in Windows diagnostic data
Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in
Update Compliance, showing # instead.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-configuration-manual

Question#90

HOTSPOT -
You are licensed for Microsoft Endpoint Manager.
You use Microsoft Endpoint Configuration Manager and Microsoft Intune.
You have devices enrolled in Configuration Manager as shown in the following table.

In Configuration Manager, you enable co-management and configure the following settings:
✑ Automatic enrolment in Intune: Pilot
✑ Intune Auto Enrollment: Collection1
In Configuration Manager, you configure co-management staging to have the following settings:
✑ Compliance policies: Collection2
✑ Device Configuration: Collection1
In Configuration Manager, you configure co-management workloads as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

Discover Answer Hide Answer

Answer:
Box 2: No -
Members of Collection2 are not enrolled in Intune.

Box 3: Yes -
Device3 has Collection2 which has compliance policies.
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/how-to-enable

chevron rightPrevious Nextchevron right