HOTSPOT -
Your network contains an on-premises Active Directory domain and a Microsoft Endpoint Configuration Manager site.
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. Configuration Manager and Intune are configured to support co-management.
The Configuration Manager co-management settings are configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Software Center or Company Portal only
Office Click-to-Run apps -
This workload manages Microsoft 365 Apps on co-managed devices.
* After moving the workload, the app shows up in the Company Portal on the device.
* Apps that you deploy from Configuration Manager are available in Software Center.
Box 2: Staging -
What's the difference between Pilot Intune and Intune when I switch workloads?
The difference between Pilot Intune and Intune is subtle but important. Both allow Intune to control a configured workload.
The Pilot Intune setting is used to switch a workload only for the devices in a pilot collection that's created in Configuration Manager. This allows you to test in a staging environment without affecting all Windows 10 devices in the production environment.
The Intune setting is used when you finish testing in the staging environment and are ready to switch a workload for all Windows 10 devices that are enrolled in co-management.
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/workloads#device-configuration
https://docs.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-co-management-workloads
HOTSPOT -
You have 2,500 Windows 10 devices and a Microsoft 365 E5 tenant that contains two users named User1 and User2. The devices are NOT enrolled in Microsoft Intune.
In Microsoft Endpoint Manager, the Device limit restrictions are configured as shown in the following exhibit.
From Microsoft Endpoint Manager, you add User2 as a device enrollment manager (DEM).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: No -
The default limit is set to 2.
Box 2: No -
Device enroll limit is set to 2 devices per user.
Note: Maximum number of devices: This setting enables you to select the maximum number of Azure AD joined or Azure AD registered devices that a user can have in Azure AD.
Box 3: Yes -
You can enroll up to 1,000 devices in total with a single Azure Active Directory account by using a device enrollment manager (DEM) account.
Microsoft 365 Device limit restrictions Maximum number of devices per user.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
https://docs.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll
You have a Microsoft 365 tenant that contains devices registered for mobile device management. The devices are configured as shown in the following table.
You plan to enable VPN access for the devices.
What is the minimum number of configuration policies required?
Answer:
C
Create one configuration policy for each platform.
Platform: Choose the platform of your devices. Your options:
Android device administrator
Android Enterprise
iOS/iPadOS
macOS
Windows 10 and later
You create a custom profile for Android device administrator, Android Enterprise, iOS/iPadOS, macOS, and Windows respectively.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/custom-settings-configure
https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure
HOTSPOT -
Your on-premises network contains an Active Directory domain and a Microsoft Endpoint Configuration Manager site.
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You use Azure AD Connect to sync user objects and group objects to Azure Active Directory (Azure AD). Password hash synchronization is disabled.
You plan to implement co-management.
You need to configure Azure AD Connect and the domain to support co-management.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Configure Hybrid Azure AD join.
See step 6 below.
Configure a hybrid Azure AD join using Azure AD Connect
1. Get and install the latest version of Azure AD Connect (1.1.819.0 or higher).
2. Launch Azure AD Connect, and then select Configure.
3. On the Additional tasks page, select Configure device options, and then select Next.
4. On the Overview page, select Next.
5. On the Connect to Azure AD page, enter the credentials of a global administrator for Azure AD.
6. On the Device options page, select Configure Hybrid Azure AD join, and then select Next.
7. On the Device operating systems page, select the operating systems used by devices in your Active Directory environment, and then select Next.
8. You can select the option to support Windows downlevel domain-joined devices, but keep in mind that co-management of devices is only supported for Windows 10 or later.
9. On the SCP page, for each on-premises forest you want Azure AD Connect to configure the service connection point (SCP), do the following steps, and then select Next:
10. Etc.
Box 2: Register a service connection point (SCP)
See step 9 above.
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients
HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.
Defender for Endpoint has the device groups shown in the following table.
You create an incident email notification rule configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
HOTSPOT -
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to identify the settings that are below the Standard protection profile settings in the preset security policies.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure AD tenant that contains a user named User1. User1 has the devices shown in the following table.
The Device settings are configured as shown in the following exhibit.
How many of the devices can User1 join to Azure AD?
Answer:
A
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You need to ensure that during device enrollment in Intune, users are prevented from using their device until all assigned apps and profiles are installed.
What should you configure?
Answer:
D
HOTSPOT -
You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune.
You create an Android app protection policy named Policy1 that is targeted to all Microsoft apps and assigned to all users.
Policy1 has the Data protection settings shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Answer:
You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices:
• Windows 10
• Android
• iOS
On which devices can you configure the Endpoint DLP policies?
Answer:
A