MD-101
Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune. You need to identify which computers can be upgraded to Windows 10. Solution: You install the Microsoft Assessment and Planning Toolkit. From the Microsoft Assessment and Planning Toolkit, you collect inventory data and run the Windows 8.1 Readiness scenario. Does this meet the goal? Yes or No
No Explanation Instead run the Windows 10 Readiness scenario.
You have a computer named Computer1 that runs Windows 10. You save a provisioning package named Package1 to a folder named C:\Folder1. You need to apply Package1 to Computer1. Solution: From File Explorer, you go to C:\Folder1, and then you double-click the Package1.ppkg file. Does this meet the goal? Yes or No
Yes
You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices. From Microsoft Intune, you create a device configuration profile named Profile1. You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1. Solution: You configure an applicability rule for Profile1. You assign Profile1 to Group1. Does this meet the goal? Yes or No
Yes Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create
You have 100 Windows 10 devices enrolled in Microsoft Intune. You need to configure the devices to retrieve Windows updates from the internet and from other computers on a local network. Which Delivery Optimization setting should you configure, and which type of Intune object should you create? 1. Delivery Optimization setting: 2. Intune object: A. 1. Download mode 2. A configuration profile B. 1. Bandwidth optimization type 2. Windows 10 update rings C. 1. VPN peer caching 2. App configuration policies D. 1. VPN peer caching 2. Windows 10 quality updates
A. 1. Download mode 2. A configuration profile Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/delivery-optimization-settings https://docs.microsoft.com/en-us/mem/intune/configuration/delivery-optimization-windows
You have five computers that runs Windows 10. You need to create a provisioning package to configure the computers to meet the following requirements: Run an interactive app. Automatically sign in by using a local user account. Prevent users from accessing the desktop and running other applications. Which four actions should you perform in sequence? Actions: Apply the provisioning package. Run the Provision desktop devices project. Copy the provisioning package to each computer. Run the Provision kiosk devices project. Install the Microsoft Deployment Toolkit (MDT). Enable Microsoft User Experience Virtualization (UE-V). Install the Windows Configuration Designer. A. 1. Install the Windows Configuration Designer. 2. Run the Provision kiosk devices project. 3. Copy the provisioning package to each computer. 4. Apply the provisioning package. B. 1. Install the Windows Configuration Designer. 2. Run the Provision kiosk devices project. 3. Copy the provisioning package to each computer. 4. Enable Microsoft User Experience Virtualization (UE-V). C. 1. Install the Windows Configuration Designer. 2. Run the Provision desktop devices project. 3. Copy the provisioning package to each computer. 4. Apply the provisioning package. D. 1. Install the Microsoft Deployment Toolkit (MDT). 2. Run the Provision kiosk devices project. 3. Copy the provisioning package to each computer. 4. Apply the provisioning package.
A. 1. Install the Windows Configuration Designer. 2. Run the Provision kiosk devices project. 3. Copy the provisioning package to each computer. 4. Apply the provisioning package. Explanation Step 1: Install Windows Configuration Designer On devices running Windows client, you can install the Windows Configuration Designer app from the Microsoft Store. Step 2: Run the Provision kiosk devices project. A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. Step 3: Copy the provisioning package to each computer. Provisioning packages can be applied to client devices during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). Step 4: Apply the provisioning package. Apply the provisioning package to a device running Windows client. Reference: https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app
You have been tasked with reusing a Windows 10 computer that was assigned to a user who is no longer with the company. The computer will be assigned to a new user. You plan to make use of Windows AutoPilot to redeploy the computer. Which of the following actions should you take FIRST? A. Create a CSV file containing the computer info. B. Create a HTML file containing the computer info. C. Wipe the computer. D. Reset the computer.
A. Create a CSV file containing the computer info Explanation You can perform Windows Autopilot device registration within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-values (CSV) file.
You have a Microsoft 365 subscription. A remote user purchases a laptop from a retail store. The laptop is intended for company use and has Windows 10 Pro edition installed. You need to configure the laptop to meet the following requirements: Modify the layout of the Start menu Upgrade Windows 10 to Windows 10 Enterprise Join the laptop to a Microsoft Azure Active Directory (Azure AD) domain named contoso.com The solution must minimize how long it takes for the user to apply the configurations. What should you do? A. Create a provisioning package (.ppkg) file and email the file to the user B. Create a Sysprep Unattend (.xml) file and email the file to the user C. Create a custom Windows image (.wim) file that contains an image of Windows 10 Enterprise and upload the file to a Microsoft D. Create a Windows To Go workspace and ship the workspace to the user
A. Create a provisioning package (.ppkg) file and email the file to the user Explanation A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Note: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers.
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (AD) and enrolled in Microsoft Intune. You need to enable self-service password reset on the sign-in screen. Which settings should you configure from the Microsoft Endpoint Manager admin center? A. Device configuration B. Device enrollment C. Device compliance D. Conditional access
A. Device configuration Explanation To enable the self service password reset option with Intune. Use the Azure portal to create a new configuration policy. Open Microsoft Intune, choose Device Configuration, Profiles and Create profile.
You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune. You need to review the servicing status of a computer. What should you do? A. From Software updates, view the Per update ring deployment state. B. From Software updates, view the audit logs. C. From Device configuration - Profiles, view the device status. D. From Device compliance, view the device compliance.
A. From Software updates, view the Per update ring deployment state. Explanation Reports for Update rings for Windows 10 and later policy. Intune offers integrated report views for the Windows update ring policies you deploy. These views display details about the update ring deployment and status: 1. Sign in to Microsoft Endpoint Manager admin center. 2. Select Devices > Monitor. Then under Software updates select Per update ring deployment state and choose the deployment ring to review. Note: Windows 10 and later update rings Use a built-in report that's ready by default when you deploy update rings to your devices.
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You create a terms of use (ToU) named Terms1 in contoso.com. You are creating a conditional access policy named Policy1 to assign a cloud app named App1 to the users in contoso.com. You need to configure Policy1 to require the users to accept Terms1. What should you configure in Policy1? A. Grant in the Access controls section B. Cloud apps or actions in the Assignments section C. Conditions in the Assignments section D. Session in the Access controls section
A. Grant in the Access controls section Explanation Before accessing certain cloud apps in your environment, you might want to get consent from users in form of accepting your terms of use (ToU). Azure Active Directory (Azure AD) Conditional Access provides you with: A simple method to configure ToU The option to require accepting your terms of use through a Conditional Access policy
You have computers that run Windows 10 and are managed by using Microsoft Intune. Users store their files in a folder named D:\Folder1. You need to ensure that only a trusted list of applications is granted write access to D:\Folder1. What should you configure in the device configuration profile? A. Microsoft Defender Exploit Guard B. Microsoft Defender Application Control C. Microsoft Defender SmartScreen D. Microsoft Defender Application Guard
A. Microsoft Defender Exploit Guard
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune. You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed as the Desktop background picture. Which of the following is a Device restriction setting that should be configured? A. Personalization B. Locked screen experience C. General D. Display
A. Personalization Explanation Wallpaper image, or Desktop background picture, URL is set under Personalization.
You company has a Microsoft Azure Active Directory (Azure AD) tenant that includes Microsoft Intune. All of the Windows 10 devices are enrolled in Intune. You are preparing to configure a Windows Information Protection (WIP) policy: You need to make sure that the policy is configured to allow for the logging of unacceptable data sharing, but not blocking the action. Which of the following is the WIP protection mode that you should use? A. Silent B. Allow Overrides C. Off D. Block
A. Silent Explanation Silent: WIP runs silently, logging inappropriate data sharing, without blocking anything that would have been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.
You have an on-premises server named Server1 that hosts a Microsoft Deployment Toolkit (MDT) deployment share named MDT1. You need to ensure that MDT1 supports multicast deployments. What should you install on Server1? A. Windows Deployment Services (WDS) B. Multipoint Connector C. Windows Server Update Services (VVSUS) D. Multipath I/O (MPIO)
A. Windows Deployment Services (WDS)
Your company has a Microsoft 365 subscription. You have enrolled all the company computers in Microsoft Intune. You have been tasked with making sure that devices with a high Windows Defender Advanced Threat Protection (Windows Defender ATP) risk score are locked. Which of the following actions should you take? A. You should create a device compliance policy. B. You should create a device configuration profile. C. You should create a Windows AutoPilot deployment profile. D. You should create a conditional access policy.
A. You should create a device compliance policy. Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance
Your company has a large number of Windows 10 workstations that are managed via Microsoft Intune. Delivery Optimization is not being used for Windows updates at present. You want to make sure that Delivery Optimization is configured for all of the workstations. Which of the following actions should you take? A. You should create a device configuration profile via Intune. B. You should create a device compliance policy via Intune. C. You should create a Windows AutoPilot deployment profile via Intune. D. You should create a conditional access policy via Intune.
A. You should create a device configuration profile via Intune. Explanation With Intune, use Delivery Optimization settings for your Windows devices to reduce bandwidth consumption when those devices download applications and updates. Configure Delivery Optimization as part of your device configuration profiles.
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace. Which three types of data can you collect from the computers by using Log Analytics? A. the list of processes and their execution times B. the average processor utilization C. failure events from the Security log D. third-party application logs stored as text files E. error events from the System log
A. the list of processes and their execution times B. the average processor utilization E. error events from the System log Explanation Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs, such as the system log, and interactively analyze their results.
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune. You need to deploy a custom line-of-business (LOB) app to the devices by using Intune. Which extension should you select for the app package file? A. .appx B. .ipa C. .intunemac D. .apk
B. .ipa Explanation iOS/iPadOS LOB apps: Select Line-of-business app as the app type, select the App package file, and then enter an iOS/iPadOS installation file with the extension .ipa.
You have a Microsoft Deployment Toolkit (MDT) deployment share that has a path of D:\MDTShare. You need to add a feature pack to the boot image. Which three actions should you perform in sequence? Actions: Modify the Windows PE properties of the deployment share. Modify the General properties of the deployment share. Copy the feature pack to D:\MDTShare\Packages. Copy the feature pack to D:\MDTShare\Tools\x86. Update the deployment share. A. 1. Modify the Windows PE properties of the deployment share. 2. Copy the feature pack to D:\MDTShare\Tools\x86. 3. Update the deployment share. B. 1. Copy the feature pack to D:\MDTShare\Tools\x86. 2. Modify the Windows PE properties of the deployment share. 3. Update the deployment share. C. 1. Copy the feature pack to D:\MDTShare\Packages. 2. Modify the Windows PE properties of the deployment share. 3. Update the deployment share. D. 1. Modify the Windows PE properties of the deployment share. 2. Modify the General properties of the deployment share. 3. Copy the feature pack to D:\MDTShare\Packages.
B. 1. Copy the feature pack to D:\MDTShare\Tools\x86. 2. Modify the Windows PE properties of the deployment share. 3. Update the deployment share. Explanation Step 1: Copy the feature pack to D:\MDTShare\Tools\x86 Add a feature pack, DaRT 10 (part of MDOP 2015), to the boot images. 1. Copy the CAB files to the deployment share: MDTShare\Tools\x86 2. In the Deployment Workbench, right-click the MDTShare deployment share and select Properties. Step 2: Modify the Windows PE properties of the deployment share 3. On the Windows PE tab, in the Platform drop-down list, make sure x86 is selected. 4. On the Features sub tab, select the Microsoft Diagnostics and Recovery Toolkit (DaRT) checkbox. Etc. Step 3: Update the deployment share Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.
Your company has a computer named Computer1 that runs Windows 10. Computer1 was used by a user who left the company. You plan to repurpose Computer1 and assign the computer to a new user. You need to redeploy Computer1 by using Windows AutoPilot. Which three actions should you perform in sequence? Actions: Upload the file by using Microsoft Intune. Generate a CSV file that contains the computer information. Upload the file by running azcopy.exe. Generate a JSON file that contains the computer information. Reset the computer. A. 1. Generate a JSON file that contains the computer information. 2. Upload the file by running azcopy.exe. 3. Reset the computer. B. 1. Generate a CSV file that contains the computer information. 2. Upload the file by using Microsoft Intune. 3. Reset the computer. C. 1. Generate a CSV file that contains the computer information. 2. Upload the file by running azcopy.exe. 3. Reset the computer. D. 1. Generate a JSON file that contains the computer information. 2. Upload the file by using Microsoft Intune. 3. Reset the computer.
B. 1. Generate a CSV file that contains the computer information. 2. Upload the file by using Microsoft Intune. 3. Reset the computer. Explanation Step 1: Generate a CSV file that contains the computer information You can perform Windows Autopilot device registration within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-values (CSV) file. Step 2: Upload the file by using Microsoft Intune By default, Intune only applies this profile to Windows Autopilot devices. Yes, to convert all targeted, non-auto pilot devices to Autopilot so that they can receive the profile the next time they perform a factory reset. Step 3: Reset the computer - Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply. Specifically, Windows Autopilot Reset: Removes personal files, apps, and settings. Reapplies a device's original settings. Sets the region, language, and keyboard to the original values. Maintains the device's identity connection to Azure AD. Maintains the device's management connection to Intune.
You manage a Microsoft Deployment Toolkit (MDT) deployment share named DS1. DS1 contains an Out-of-Box Drivers folder named Windows 10 x64 that has subfolders in the format of {make name}\{model name}. You need to modify a deployment task sequence to ensure that all the drivers in the folder that match the make and model of the computers are installed without using PnP detection or selection profiles. What should you do? 1. Phase that you must modify in the deployment task sequence: 2. Task that you must use to specify which folder contains the drivers: A. 1. Install 2. Set Task Sequence Variable B. 1. Preinstall 2. Inject Drivers C. 1. Validation 2. Validate D. 1. Preinstall 2. Gather
B. 1. Preinstall 2. Inject Drivers Explanation 1: Preinstall - PREINSTALL - Completes any tasks that need to be done (such as creating new partitions) before the target operating system is deployed. Incorrect: * INSTALL Installs the target operating system on the target computer. * VALIDATION Identifies that the target computer is capable of running the scripts necessary to complete the deployment process. 2: Inject Drivers Inject Drivers - This task sequence step injects drivers that have been configured for deployment to the target computer. The unique properties and settings for the Inject Drivers task sequence step type are: * Property: TypeSet this read-only type to Inject Drivers. * Settings Install only matching drivers: Injects only the drivers that the target computer requires and that match what is available in Out-of-Box Drivers Install all drivers: Installs all drivers Selection profile: Installs all drivers in the selected profile
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD). A user named User1 uses the domain-joined devices shown in the following. Name | Operating system Device1 Windows 8.1 Pro Device2 Windows 10 Pro In the Azure Active Directory admin center, you assign a Windows 10 Enterprise E5 license to User1. You need to identify what will occur when User1 next signs in to the devices. What should you identify for each device? Device1: Device2: A. 1. Will activate as Windows 10 Enterprise 2. Will perform a clean installation of Windows 10 Enterprise B. 1. Will not upgrade to Windows 10 Enterprise 2. Will activate as Windows 10 Enterprise C. 1. Will perform a clean installation of Windows 10 Enterprise 2. Will not upgrade to Windows 10 Enterprise D. 1.Will perform an in-place upgrade to Windows 10 Enterprise 2. Will perform a clean installation of Windows 10 Enterprise
B. 1. Will not upgrade to Windows 10 Enterprise 2. Will activate as Windows 10 Enterprise Explanation 1: Will not upgrade to Windows 10 Enterprise 2: Will activate as Windows 10 Enterprise Windows 10 Pro supports the Subscription Activation feature, enabling users to step-up from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions Windows 10 Education or Windows 11 Education.
Your network contains an on-premises Active Directory forest named contoso.com that syncs to Azure Active Directory (Azure AD). Azure AD contains the users shown in the following. Name | Source | Member of User1 Azure AD Group1 User2 Windows Active Directory Group2 You assign Windows 10 Enterprise E5 licenses to Group1 and User2. You add computers to the network as shown in the following. Name | Operating system | Joined to Computer1 Windows 10 Pro Azure AD Computer2 Windows 10 Pro Active Directory Computer3 Windows 8.1 Active Directory For each of the following statements, select Yes if the statement is true. Otherwise, select No. Statements: 1. If User1 signs in to Computer1, Computer1 will be upgraded to Windows 10 Enterprise E5 automatically. 2. If User2 signs in to Computer2, Computer2 will be upgraded to Windows 10 Enterprise E5 automatically. 3. If User2 signs in to Computer3, Computer3 will be upgraded to Windows 10 Enterprise E5 automatically. A. 1. Yes 2. No 3. No B. 1. Yes 2. Yes 3. No C. 1. No 2. No 3. No D. 1. Yes 2. No 3. Yes
B. 1. Yes 2. Yes 3. No Explanation 1: Yes - Computer 1 is directly connected to Azure AD. 2: Yes - Computer 2 is Hybrid Azure AD connected. 3: No - User2 is not in Azure Active Directory. Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
Your company has an Active Directory domain, named weylandindustries.com, and a Microsoft Office 365 subscription. The domain is also synced to Microsoft Azure Active Directory (Azure AD). All company computers are domain-joined, and are running the most recent Microsoft OneDrive sync client. You are currently configuring OneDrive group policy settings. Which of the following is the setting that will minimize the disk space consumed by a user profile, when enabled? A. Silently configure OneDrive using the primary Windows account B. OneDrive Files On-Demand C. Silently move known folders to OneDrive D. Prompt users to move Windows known folders to OneDrive
B. OneDrive Files On-Demand Explanation OneDrive Files On-Demand enables users to view, search for, and interact with files stored in OneDrive from within File Explorer without downloading them and taking up space on the local hard drive.
Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10. You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune. You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort. A. An Autodiscover address record. B. A Windows AutoPilot deployment profile. C. An Autodiscover service connection point (SCP). D. A Group Policy object (GPO).
B. A Windows AutoPilot deployment profile. Explanation Hybrid Azure AD join. Support for Hybrid Azure AD join (on-premises AD) using Windows Autopilot user-driven mode is available with Windows 10, version 1809 (or later). Note: In this mode, you can use Windows Autopilot to join a device to an on-premises Active Directory domain. Configuring this feature is very similar to the Windows Autopilot user-driven mode process today: 1. Register the device with Windows Autopilot. 2. Create an Autopilot deployment profile specifying Hybrid Azure AD as the method in which you would like to join devices to Azure AD. 3. Install the Intune Connector for Active Directory on a computer running Windows Server 2016 (or later).
You manage your company's Microsoft 365 subscription. You are tasked with creating an app protection policy for the Microsoft Outlook app on iOS devices that are not enrolled in Microsoft 365 Device Management. You have to make sure that the policy is configured to prohibit the users from using the Outlook app if the operating system version is less than 12.0.0. You also have to make sure that an alphanumeric passcode is required for users to access the Outlook app. Which of the following is policy settings that you should configure? (Choose two.) A. Data transfer exemptions B. Conditional launch C. Data protection D. Access requirements
B. Conditional launch D. Access requirements Explanation Conditional launch - Configure conditional launch settings to set sign-in security requirements for your access protection policy. By default, several settings are provided with pre-configured values and actions. You can delete some of these, like the Min OS version. You can also select additional settings from the Select one dropdown. Access requirements - PIN for access Select Require to require a PIN to use this app. The user is prompted to set up this PIN the first time they run the app in a work or school context. The PIN is applied when working either online or offline.
Your company has computers that run Windows 10. The employees at the company use the computers. You plan to monitor the computers by using the Update Compliance solution. You create the required resources in Azure. You need to configure the computers to send enhanced Update Compliance data. Which two Group Policy settings should you configure? A. Toggle user control over insider builds B. Configure the Commercial ID C. Allow commercial data pipeline D. Configure telemetry opt-in change notification E. Allow device name to be sent in Windows diagnostic data F. Allow Telemetry
B. Configure the Commercial ID E. Allow device name to be sent in Windows diagnostic data Explanation Configure the Commercial ID All Group policies that need to be configured for Update Compliance are under Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds. All of these policies must be in the Enabled state and set to the defined Value below. Configure the Commercial ID Identifies the device as belonging to your organization. Allow device name to be sent in Windows diagnostic data Allow device name to be sent in Windows diagnostic data Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing instead. Reference: https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-configuration-manual
You have a Microsoft 365 subscription. You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD). You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD. You need to ensure that the desktop theme, taskbar settings, and Bluetooth settings are available on the new computers. What should you use? A. Roaming user profiles B. Enterprise State Roaming C. Folder Redirection D. The Microsoft SharePoint Migration Tool
B. Enterprise State Roaming
You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace. You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup. You need to ensure that you can use Log Analytics to query events from Computer1. What should you do on Computer1? A. Create an event subscription B. Install the Microsoft Monitoring Agent C. Configure the commercial ID D. Join Azure Active Directory (Azure AD)
B. Install the Microsoft Monitoring Agent Explanation Verify agent connectivity to Azure Monitor. From the computer in Control Panel, find the item Microsoft Monitoring Agent. Select it and on the Azure Log Analytics tab, the agent should display a message stating: The Microsoft Monitoring Agent has successfully connected to the Microsoft Operations Management Suite service.
Your company plans to deploy tablets to 50 meeting rooms. The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application named App1. You need to configure the tablets so that any user can use App1 without having to sign in. Users must be prevented from using other applications on the tablets. Which device configuration profile type should you use? A. Identity protection B. Kiosk C. Device restrictions D. Endpoint protection
B. Kiosk Explanation A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.
You have 100 computers that run Windows 8.1. You need to create a report that will assess the Windows 10 readiness of the computers. What should you use? A. Microsoft Desktop Optimization Pack (MDOP) B. Microsoft Assessment and Planning (MAP) Toolkit C. Windows Assessment and Deployment Kit (Windows ADK) D. Windows Deployment Services (WDS)
B. Microsoft Assessment and Planning (MAP) Toolkit
You have 100 computers that run Windows 8.1. You need to identify which computers can be upgraded to Windows 10. What should you use? A. Update Compliance in Azure B. Microsoft Assessment and Planning (MAP) Toolkit C. Microsoft Deployment Toolkit (MDT) D. Windows Assessment Toolkit
B. Microsoft Assessment and Planning (MAP) Toolkit
You have a Microsoft 365 tenant that uses Microsoft Intune for mobile device management (MDM). You associate a Microsoft Store for Business account with Intune. You purchase an app named App1 from the Microsoft Store for Business. You need to ensure that App1 can be deployed by using Intune. What should you do? A. Create an app protection policy in Intune. B. Sync purchased apps from the Microsoft Store for Business. C. Integrate the Windows Autopilot Deployment Program into the Microsoft Store for Business. D. Create an app category in Intune.
B. Sync purchased apps from the Microsoft Store for Business. Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business
Your company has a Microsoft 365 subscription. The company uses Microsoft Intune to manage all devices. The company uses conditional access to restrict access to Microsoft 365 services for devices that do not comply with the company's security policies. You need to identify which devices will be prevented from accessing Microsoft 365 services. What should you use? A. Microsoft Defender Security Center. B. The Device compliance blade in the Microsoft Endpoint Manager admin center. C. The Device tab in Desktop Analytics. D. The Conditional access blade in the Azure Active Directory admin center.
B. The Device compliance blade in the Microsoft Endpoint Manager admin center. Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor
Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains computers that run Windows 10. The computers are enrolled in Microsoft Intune and Windows Analytics. Your company protects documents by using Windows Information Protection (WIP). You need to identify non-approved apps that attempt to open corporate documents. What should you use? A. Intune Data Warehouse B. the App protection status report in Intune C. Microsoft Cloud App Security D. the Device Health solution in Windows Analytics
B. the App protection status report in Intune Explanation References: https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip- learning
You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1. You import a Windows 10 image to DS1. You have an executable installer for an application named App1. You need to ensure that App1 will be installed for all the task sequences that deploy the image. Which three actions should you perform in sequence? Actions: Modify a Windows 10 operating system setting. Add App1 to DS1. Modify a selection profile. Identity the GUID of App1. Modify CustomSettings.ini. A. 1. Add App1 to DS1. 2. Modify a selection profile. 3. Identity the GUID of App1. B. 1. Modify a selection profile. 2. Identity the GUID of App1. 3. Modify CustomSettings.ini. C. 1. Add App1 to DS1. 2. Identity the GUID of App1. 3. Modify CustomSettings.ini. D. 1. Modify a Windows 10 operating system setting. 2. Add App1 to DS1. 3. Modify a selection profile.
C. 1. Add App1 to DS1. 2. Identity the GUID of App1. 3. Modify CustomSettings.ini. Explanation Step 1: Add App1 to DS1 - Add an application in the MDT console. Step 2: Identify the GUID of App1. Step 3: Modify the CustomSettings.ini It is possible in the CustomSettings.ini file, to check the default program to add the following line: ApplicationsXXX ={GUID-APPLICATION} or to force the installation of the application box checked and grayed out: MandatoryApplicationsXXX ={GUID-APPLICATION}
You have the x64 devices shown in the following. Name | Operating system | Install apps Computer1 64bit version of Windows 8.1 Pro Microsoft Office 2013 Computer2 32bit version of Windows 8.1 Enterprise None You have the Windows 10 Enterprise images shown in the following. Name | Platform | Description Image1 x64 Custom Windows 10 Enterprise image that has Microsoft Office 2019 installed Image2 x64 Default Windows 10 Enterprise image created by Microsoft Image3 x86 Custom Windows 10 Enterprise image that has Microsoft Office 2019 installed Image4 x86 Default Windows 10 Enterprise image created by Microsoft You need to identify which images can be used to perform an in-place upgrade of Computer1 and Computer2. Which images should you identify? 1. Computer1: 2. Computer2: A. 1. Image2 only 2. Image2, Image3, and Image4 only B. 1. Image1 only 2. Image1, Image2, Image3, and Image4 C. 1. Image1 and Image2 only 2. Image3 and Image4 only D. 1. Image1, Image2, and Image3 only 2. Image4 only
C. 1. Image1 and Image2 only 2. Image3 and Image4 only Explanation 1: Image1 and Image2 only - Computer1 is a x64 system so Image1 and Image2 are fine. Note: x86 refers to a 32-bit CPU and operating system while x64 refers to a 64-bit CPU and operating system. 2: Image3 and Image4 only - There is no upgrade path from 32 bit versions of Windows to Windows 8 64 bit.
You have a server named Server1 and computers that run Windows 8.1. Server1 has the Microsoft Deployment Toolkit (MDT) installed. You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard. You need to create a deployment share on Server1. What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? 1. On Server: 2. Add to the MDT deployment share: A. 1. Install the Windows Assessment and Deployment Kit (Windows ADK) 2. Windows 10 image and package only B. 1. Import the WindowsAutopilotIntune Windows PowerShell module. 2. Windows 10 image, task sequence, and package C. 1. Install the Windows Deployment Services server role. 2. Windows 10 image and task sequence only D. 1. Import the Deployment Image Servicing and Management (DISM) PowerShell module. 2. Windows 10 image only
C. 1. Install the Windows Deployment Services server role. 2. Windows 10 image and task sequence only Explanation 1: Install the Windows Deployment Services role. Install and initialize Windows Deployment Services (WDS) On the server: Open an elevated Windows PowerShell prompt and enter the following command: Install-WindowsFeature -Name WDS -IncludeManagementTools WDSUTIL /Verbose /Progress /Initialize-Server /Server:MDT01 /RemInst:"D:\RemoteInstall" WDSUTIL /Set-Server /AnswerClients:All Incorrect: * Install the Windows Assessment and Deployment Kit (Windows ADK) MDT installation required the ADK, but MDT is already installed. 2: Windows 10 image and task sequence only Create the reference image task sequence In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence.
You upgrade three computers from Windows 8.1 to Windows 10 as shown in the following. Name | Days since upgrade Computer1 18 Computer2 9 Computer3 3 The in-place upgrade settings used to perform the upgrade are shown in the following. Name | Setting Computer1 Keep personal files and apps Computer2 None Computer3 Keep personal files and apps After the upgrade, you perform the following actions on each computer: Add a local user account named LocalAdmin1. Install Microsoft Office 2019. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Statements: 1. You can roll back Computer1 to Windows 8.1 2. You can roll back Computer2 to Windows 8.1 3. You can roll back Computer3 to Windows 8.1 A. 1. No 2. Yes 3. No B. 1. Yes 2. Yes 3. Yes C. 1. No 2. Yes 3. Yes D. 1. No 2. No 3. Yes
C. 1. No 2. Yes 3. Yes
You have a Microsoft 365 tenant named contoso.com that contains a group named ContosoUsers. All the users in contoso.com are members of ContosoUsers. You have two Windows 10 devices as shown in the following. Name Join type Mobile device management (MDM) Computer1 Azure AD - registered Microsoft Intune Computer2 Azure AD - joined Microsoft Intune Both Computer1 and Computer2 contain two apps named App1 and App2. You configure an app protection policy named AppPolicy1 that has the following settings: Protected apps: App1 Assignments: ContosoUsers Enrollment state: Without enrollment Windows Information Protection mode: Block For each of the following statements, select Yes if the statement is true. Otherwise, select No. Statements: 1. On Computer1, a user can copy and paste data from App1 to App2. 2. On Computer2, a user can copy and paste data from App1 to App2. 3. Data created by App1 can be wiped selectively from Computer1. A. 1.No 2.Yes 3.No B. 1.No 2.No 3.Yes C. 1.No 2.Yes 3.Yes D. 1.Yes 2.Yes 3.Yes
C. 1.No 2.Yes 3.Yes Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe
Your network contains an Active Directory domain named contoso.com. The domain contains computers that run Windows 10 and are joined to the domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). You create an Azure Log Analytics workspace and deploy the Device Health solution. You need to enroll the computers in Windows Analytics. Which Group Policy setting should you configure? A. Specify intranet Microsoft update service location B. Allow Telemetry C. Configure the Commercial ID D. Connected User Experiences and Telemetry
C. Configure the Commercial ID
You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 10. You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 10 Enterprise to new computers. The computers have a single hard disk. You need to modify the task sequence to create a system volume and a data volume. Which phase should you modify in the task sequence? A. Postinstall B. State Restore C. Preinstall D. Initialization
C. Preinstall
Your company has an Active Directory domain, named weylandindustries.com. The domain is synced to Microsoft Azure Active Directory (Azure AD) and all company computers have been enrolled in Microsoft Intune. You are preparing to perform a Fresh Start action on certain company devices. Which of the following operating systems support the Fresh Start action? Choose all that apply. A. Windows Vista B. iOS C. Windows 10 D. Windows 8.1
C. Windows 10 Explanation The Fresh Start device action removes any apps that are installed on a PC running Windows 10, version 1709 or later.
You have a Microsoft 365 subscription. All devices run Windows 10. You need to prevent users from enrolling the devices in the Windows Insider Program. What two configurations should you perform from the Endpoint Management admin center? A. a Windows 10 security baseline B. an app configuration policy C. a custom device configuration profile D. a Windows 10 update ring E. a device restrictions device configuration profile
C. a custom device configuration profile D. a Windows 10 update ring Explanation Reference: https://docs.microsoft.com/en-us/windows-insider/business/manage-builds
You network contains an Active Directory domain. The domain contains 200 computers that run Windows 8.1. You have a Microsoft Azure subscription. You plan to upgrade the computers to Windows 10. You need to generate an Upgrade Readiness report for the computers. What should you do? 1. In Azure : 2. On the computers: A. 1. Choose the MDM authority and configure Windows enrollment. 2. Enroll in the Windows Insider Program. B. 1. Create an Azure Log Analytics workspace and add a solution. 2. Enroll in the Windows Insider Program. C. 1. Create a migration project and discover machines. 2. Install the Microsoft Monitoring Agent. D. 1. Create an Azure Log Analytics workspace and add a solution. 2. Configuration the commercial ID.
D. 1. Create an Azure Log Analytics workspace and add a solution. 2. Configuration the commercial ID. Explanation 1: Create an Azure Log Analytics workspace and add a solution Once you have an Azure subscription, follow the steps below to get stared with Upgrade Readiness. Setup a subscription to Microsoft Operations Management Suite (OMS). You will be prompted to link the OMS workspace to an Azure subscription. Once the link with an Azure subscription is complete, your workspace should be ready and you will be redirected to your blank workspace. Enable Upgrade Analytics. To do this, click on the Solutions Gallery In the Solutions Gallery page, scroll to the right to locate and select the Upgrade Analytics (Preview) tile. Now that your Upgrade Analytics subscription is ready, the last requirement is to configure Upgrade Analytics with the details of which version of Windows 10 you are targeting. To do this, click on the tile for Upgrade Analytics Preview . On the Upgrade Analytics Preview page, click on the gear icon labelled Solution Settings. 2: Configure the Commercial ID For the commercialIDValue variable, use the Commercial ID that was generated when you setup your Upgrade Readiness solution. If you don't have this, you can pull it out from your OMS workspace.
Your company uses Windows Update for Business. The research department has several computers that have specialized hardware and software installed. You need to prevent the video drivers from being updated automatically by using Windows Update. Solution: From the Settings app, you clear the Give me updates for other Microsoft products when I update Windows check box. Does this meet the goal? Yes or No
No
You have a server named Server1 and computers that run Windows 8.1. Server1 has the Microsoft Deployment Toolkit (MDT) installed. You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard. You need to create a deployment share on Server1. What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? 1. On Server1: 2. Add to the MDT deployment share: A. 1. Import the Deployment Image Servicing and Management (DISM) PowerShell module. 2. Windows 10 image only. B. 1. Import the WindowsAutopilotIntune Windows PowerShell module. 2. Windows 10 image and package only C. 1. Install the Windows AsseSsment and Deployment Kit (Windows ADK). 2. Windows 10 image, task sequence, and package D. 1. Install the Windows Deployment Services server role. 2. Windows 10 image and task sequence only.
D. 1. Install the Windows Deployment Services server role. 2. Windows 10 image and task sequence only. Explanation 1: Install the Windows Deployment Services role. Install and initialize Windows Deployment Services (WDS) On the server: Open an elevated Windows PowerShell prompt and enter the following command: Install-WindowsFeature -Name WDS -IncludeManagementTools WDSUTIL /Verbose /Progress /Initialize-Server /Server:MDT01 /RemInst:"D:\RemoteInstall" WDSUTIL /Set-Server /AnswerClients:All Incorrect: * Install the Windows Assessment and Deployment Kit (Windows ADK) MDT installation required the ADK, but MDT is already installed. 2: Windows 10 image and task sequence only Create the reference image task sequence In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence.
You have the Microsoft Deployment Toolkit (MDT) installed in three sites as shown in the following. MDT instance name | Site | Default gateway MDT1 New York 10.1.1.0/24 MDT2 London 10.5.5.0/24 MDT3 Dallas 10.4.4.0/24 You use Distributed File System (DFS) Replication to replicate images in a share named Production. You configure the following settings in the Bootstrap.ini file. [Settings] Priority=DefaultGateway, Default [DefaultGateway] 10.1.1.1=NewYork 10.5.5.1=London [NewYork] DeployRoot=\\MDT1\Production$ [London] DeployRoot=\\MDT2\Production$ KeyboardLocale=en-gb - [Default] DeployRoot=\\MDT3\Production$ KeyboardLocale=en-us - You plan to deploy Windows 10 to the computers shown in the following Name | IP address LT1 10.1.1.240 DT1 10.5.5.115 TB1 10.2.2.193 For each of the following statements, select Yes if the statement is true. Otherwise, select No. Statements: 1. TB1 will download the image from MDT3. 2. DT1 will have a KeyboardLocale of en-gb. 3. LT1 will download the image from MDT1. A. 1. No 2. No 3. Yes B. 1. Yes 2. Yes 3. Yes C. 1. No 2. Yes 3. No D. 1. No 2. Yes 3. Yes
D. 1. No 2. Yes 3. Yes Explanation Reference: https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment
Your network contains an Active Directory domain. The domain contains 1,200 computers that run Windows 8.1. You deploy an Upgrade Readiness solution in Microsoft Azure and configure the computers to report to Upgrade Readiness. From Upgrade Readiness, you open a table view of the applications. You need to filter the view to show only applications that can run successfully on Windows 10. How should you configure the filter in Upgrade Readiness? Answer Area: 1. Filter column: 2. Filter value: A. 1. UpgradeAssessment 2. Supported version available B. 1. Issue 2. No known issues C. 1. UpgradeDecison 2. Supported version available D. 1. UpgradeDecison 2. Ready to upgrade
D. 1. UpgradeDecison 2. Ready to upgrade Explanation 1: UpgradeDecision - To approve an asset for upgrade, select the name in the list, and then select one of the following options from the Upgrade decision list: Review in progress - Ready - Ready (with remediation) Unable - Not reviewed - 2: Ready to upgrade -
You have a Windows 10 device named Computer1 enrolled in Microsoft Intune. You need to configure Computer1 as a public workstation that will run a single customer-facing, full-screen application. Which template should you use to create a configuration profile for Computer1 in the Microsoft Endpoint Manager admin center? A. Shared multi-user device B. Device restrictions C. Endpoint protection D. Kiosk
D. Kiosk
You are replacing 100 company-owned Windows devices. You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following requirements: Back up the user state. Minimize administrative effort. Which task sequence template should you use? A. Standard Client Task Sequence B. Litetouch OEM Task Sequence C. Sysprep and Capture D. Standard Client Replace Task Sequence
D. Standard Client Replace Task Sequence Explanation Standard Client Replace task sequence. Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
All of your company's devices are managed via Microsoft Intune. Conditional access is used to prevent devices that are not compliant with company security policies, from accessing Microsoft 365 services. You need to access Device compliance to view the non-compliant devices. Where should you access Device compliance from? A. System Center Configuration Manager B. The Azure Active Directory admin center. C. Windows Defender Security Center. D. The Intune admin center.
D. The Intune admin center. Explanation Open the Intune Device compliance dashboard: 1. Sign in to the Microsoft Endpoint Manager admin center. 2. Select Devices > Overview > Compliance status tab. Important: Devices must be enrolled into Intune to receive device compliance policies. Note 1: Intune Admin portal URL, Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com Microsoft Intune, which is a part of Microsoft Endpoint Manager, provides the cloud infrastructure, the cloud-based mobile device management (MDM), cloud- based mobile application management (MAM), and cloud-based PC management for your organization. Note 2: Compliance reports help you review device compliance and troubleshoot compliance-related issues in your organization. Using these reports, you can view information on: The overall compliance states of devices The compliance status for an individual setting The compliance status for an individual policy Drill down into individual devices to view specific settings and policies that affect the device
Your company's environment includes a Microsoft 365 subscription. Users in the company's sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis. After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division users Solution: You start by adding the application to Microsoft Store for Business. Does the solution meet the goal? Yes or No
No Explanation Before you can configure, assign, protect, or monitor apps, you must add them to Microsoft Intune.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription. Contoso.com contains a user named [email protected]. You have a computer named Computer1 that runs Windows 8.1. You need to perform an in-place upgrade of Computer1 to Windows 10. Solution: You assign a Windows 10 license to User1. You instruct User1 to sign in to Computer1. Does this meet the goal? Yes or No
No Explanation Instead: From Windows 8.1, you run setup.exe from the Windows 10 installation media. How To Upgrade To Windows 10 Using ISO File 1. Open your existing Windows edition and locate the ISO file. Now right click on this file and Mount, restart the machine. After rebooting, open File Explorer and locate the DVD drive, you'll find that the ISO file is already mounted to it with a temporary drive letter (as you can see in below shown window, where D: is temporary drive letter). Open this drive and click on the setup.exe file.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription. Contoso.com contains a user named [email protected]. You have a computer named Computer1 that runs Windows 8.1. You need to perform an in-place upgrade of Computer1 to Windows 10. Solution: You assign an Enterprise Mobility + Security license to User1. You instruct User1 to sign in to Computer1. Does this meet the goal? Yes or No
No Explanation Instead: From Windows 8.1, you run setup.exe from the Windows 10 installation media. How To Upgrade To Windows 10 Using ISO File 1. Open your existing Windows edition and locate the ISO file. Now right click on this file and Mount, restart the machine. After rebooting, open File Explorer and locate the DVD drive, you'll find that the ISO file is already mounted to it with a temporary drive letter (as you can see in below shown window, where D: is temporary drive letter). Open this drive and click on the setup.exe file.
Your company Windows 10 computers that are enrolled in Microsoft Intune. You make use of Intune to manage the servicing channel settings of all company computers. You receive an enquiry regarding the servicing status of a specific computer. You need to review the necessary policy report. Solution: You navigate to device status via Device configuration. Does the solution meet the goal? Yes or No
No Explanation Note 1: Intune offers integrated report views for the Windows update ring policies you deploy. These views display details about the update ring deployment and status: 1. Sign in to Microsoft Endpoint Manager admin center. 2. Select Devices > Monitor. Then under Software updates select Per update ring deployment state and choose the deployment ring to review. Note 2: Use the Windows 10 and later feature updates (Organizational) report To open the Windows 10 and later feature updates report and view device details for a specific feature updates profile: In the admin center, go to Reports > Windows updates > select the Reports tab > select Windows Feature Update Report. Note 3: To help you monitor and troubleshoot update deployments, Intune supports the following reporting options: Reports in Intune: Windows 10 and later update rings Use a built-in report that's ready by default when you deploy update rings to your devices. Windows 10 and later feature updates In public preview Use two built-in reports that work together to gain a deep picture of update status and issues.
Your company uses Windows Update for Business. The research department has several computers that have specialized hardware and software installed. You need to prevent the video drivers from being updated automatically by using Windows Update. Solution: From the Device Installation and Restrictions settings in a Group Policy object (GPO), you enable Prevent installation of devices using drivers that match these device setup classes, and then you enter the device GUID. Does this meet the goal? Yes or No
No Explanation Prevent installation of devices using drivers that match these device setup classes. This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices. From Microsoft Intune, you create a device configuration profile named Profile1. You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1. Solution: You create a scope tag, and then you add the scope tag to the Windows 10 Enterprise devices. You edit the settings of Profile1. Does this meet the goal? Yes or No
No Explanation Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create
Your company uses Windows Autopilot to configure the computer settings of computers issued to users. A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company. You plan to transfer the computer to a user named User2. You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement. Solution: You perform a local Windows Autopilot Reset. Does this meet the goal? Yes or No
No Explanation Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune. You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted. Solution: You make use of Windows Defender SmartScreen. Does the solution meet the goal? Yes or No
No Explanation Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows- defender-application-control
Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription. After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devices Solution: You should configure the Client apps settings. Does the solution meet the goal? Yes or No
No Explanation Within a Conditional Access policy, an administrator can make use of signals from conditions like risk, device platform, or location to enhance their policy decisions. Client apps - By default, all newly created Conditional Access policies will apply to all client app types even if the client apps condition isn't configured. These conditions are commonly used when requiring a managed device, blocking legacy authentication, and blocking web applications but allowing mobile or desktop apps.
You have a computer that runs Windows 8.1. Two days ago, you upgraded the computer to Windows 10. You need to downgrade the computer to Windows 8.1. Solution: From Windows Update in the Settings app, you use the Advanced options. Does this meet the goal? Yes or No
No Explanation Instead: From the Settings app, you use the Recovery options. Note: Windows 10 supports a ג€Rollbackג€ feature that allows you to go back (recover) to the version of Windows (Windows 10, Windows 7 or Windows 8.1) installed on your PC prior to upgrading to the latest version of Windows 10 or Windows 7 / 8.1 1) Click on Start > Settings > 2) In the Windows Setting options click on Update & security 3) In the column of option on the left side of Windows Update click on the 'Recovery' option. 4) Click on 'Get started' to start the Recovery / Rollback process 5) Etc.
Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription. After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devices Solution: You should configure the Device platforms settings. Does the solution meet the goal? Yes or No
No Explanation Within a Conditional Access policy, an administrator can make use of signals from conditions like risk, device platform, or location to enhance their policy decisions. Client apps - By default, all newly created Conditional Access policies will apply to all client app types even if the client apps condition isn't configured. These conditions are commonly used when requiring a managed device, blocking legacy authentication, and blocking web applications but allowing mobile or desktop apps.
You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in the following. Name Role User1 None User2 Global administrator User3 Cloud device administrator User4 Intune administrator You configure the following device settings for the tenant: Users may join devices to Azure AD: User1 Additional local administrators on Azure AD joined devices: None You install Windows 10 on a computer named Computer1. You need to identify which users can join Computer1 to adatum.com, and which users will be added to the Administrators group after joining adatum.com. Which users should you identify? Users who can join Computer1 to adatum.com: Users who will be added to the Administrators group after joining adatum.com:
Users who can join Computer1 to adatum.com: User 1 only Users who will be added to the Administrators group after joining: User1 and User2 only Explanation Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
You have a Microsoft 365 subscription. You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD). You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD. You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers. Solution: You configure Enterprise State Roaming. Does this meet the goal? Yes or No
Yes Explanation Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.