HOTSPOT -
You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.
The device type restrictions in Endpoint Manager are configured as shown in the following table.
You add User3 as a device enrollment manager in Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1:
No. User1 is in Group1. The two device type policies that apply to Group1 are Policy3 and the Default (All Users) policy. However, Policy3 has a higher priority than the default policy so Policy3 is the only effective policy. Policy3 allows the enrolment of Android and iOS devices only, not Windows.
Box 2:
No. User2 is in Group1 and Group2. The device type policies that apply to Group1 and Group2 are Policy2, Policy3 and the Default (All Users) policy. However,
Policy2 has a higher priority than Policy 3 and the default policy so Policy2 is the only effective policy. Policy2 allows the enrolment of Windows devices only, not
Android.
Box 3:
Yes. User3 is a device enrollment manager. Device restrictions to not apply to a device enrollment manager.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set
HOTSPOT -
You create two device compliance policies for Android devices as shown in the following table.
You have the Android devices shown in the following table.
The users belong to the groups shown in the following table.
The users enroll their device in Microsoft Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android
HOTSPOT -
Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.
You update the Windows 10 devices by using Windows Update for Business.
What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
References:
https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb
Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.
Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answer:
BD
References:
https://docs.microsoft.com/en-us/sccm/comanage/overview
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-vpn-profiles
HOTSPOT -
Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
References:
https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-get-started https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-get-started
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You have a Microsoft 365 subscription.
You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.
What should you configure?
Answer:
B
References:
https://docs.microsoft.com/en-us/intune/mdm-authority-set
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)
The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)
Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?
Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
You have computers that run Windows 10 Enterprise and are joined to the domain.
You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.
You need to prevent Windows from being updated for the next 30 days.
Which two Group Policy settings should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
BD
References:
https://insider.windows.com/en-us/for-business-organization-admin/
HOTSPOT -
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.
The device compliance policies in Endpoint Manager are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.
Which role should you assign to the user?
Answer:
C
References:
https://docs.microsoft.com/en-us/microsoft-store/roles-and-permissions-microsoft-store-for-business
