MD-102
You install a feature update on a computer that runs Windows 10. How many days do you have to roll back the update? A. 5 B. 10 C. 14 D. 30
B. 10
You have an Azure AD group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign Profile1 to Group1. You need to ensure that Profile1 applies to Device1 only. What should you modify in Profile1? A. Assignments B. Settings C. Scope (Tags) D. Applicability Rules
A. Assignments
You need to assign the same deployment profile to all the computers that are configured by using Windows Autopilot. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create an Azure AD group that has dynamic membership rules and uses the ZTDID tag. B. Create an Azure AD group that has dynamic membership rules and uses the operatingSystem tag. C. Assign a Windows Autopilot deployment profile to a group. D. Join the computers to Azure AD. E. Create a Group Policy object (GPO) that is linked to a domain. F. Join the computers to an on-premises Active Directory domain.
A and C
You have a Microsoft 365 E5 subscription and 100 unmanaged iPad devices. You need to deploy a specific iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a device configuration profile. B. Enroll the devices in Microsoft Intune by using the Intune Company Portal. C. Create a compliance policy. D. Create an iOS app provisioning profile. E. Enroll the devices in Microsoft Intune by using Apple Business Manager.
A and E
You have a Microsoft 365 subscription that contains a user named User1. User1 is assigned a Windows 10/11 Enterprise E3 license. You use Microsoft Intune Suite to manage devices. User1 activates the following devices: • Device1: Windows 11 Enterprise • Device2: Windows 10 Enterprise • Device3: Windows 11 Enterprise How many more devices can User1 activate? A. 2 B. 3 C. 7 D. 8
A. 2
You have a Microsoft 365 E5 subscription that contains a user named User1 and uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. You have a device named Devic1 that is enrolled in Intune. You need to ensure that User1 can use Remote Help from the Intune admin center for Device1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Deploy the Remote Help app to Device1. B. Assign the Help Desk Operator role to User1. C. Assign the Intune Administrator role to User1. D. Assign a Microsoft 365 E5 license to User1. E. Rerun device onboarding on Device1. F. Assign the Remote Help add-on license to User1.
A, B and F
You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements: • Ensure that you can manage the personal devices by using Microsoft Intune. • Ensure that users can access company data seamlessly from their personal devices. • Ensure that users can only sign in to their personal devices by using their personal account. What should you use to add the devices to Azure AD? A. Azure AD registered B. hybrid Azure AD join C. Azure AD joined
A. Azure AD registered
You have a Microsoft 365 E5 subscription and 25 Apple iPads. You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method. What should you do first? A. Configure an Apply MDM push certificate. B. Add your user account as a device enrollment manager (DEM). C. Modify the enrollment restrictions. D. Upload a file that has the device identifiers for each iPad.
A. Configure an Apply MDM push certificate.
You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune. You need to enable self-service password reset on the sign-in screen. Which settings should you configure from the Microsoft Intune admin center? A. Device configuration B. Device enrollment C. Conditional access D. Device compliance
A. Device configuration
You have a Microsoft 365 subscription that contains 100 devices enrolled in Microsoft Intune. You need to review the startup processes and how often each device restarts. What should you use? A. Endpoint analytics B. Device Management C. Azure Monitor D. Intune Data Warehouse
A. Endpoint analytics
You use the Microsoft Deployment Toolkit (MDT) to manage Windows 11 deployments. From Deployment Workbench, you modify the WinPE settings and add PowerShell support. You need to generate a new set of WinPE boot image files that contain the updated settings. What should you do? A. From the Deployment Shares node, update the deployment share. B. From the Advanced Configuration node, create new media. C. From the Packages node, import a new operating system package. D. From the Operating Systems node, import a new operating system.
A. From the Deployment Shares node, update the deployment share.
You have a Microsoft 365 tenant. You have devices enrolled in Microsoft Intune. You assign a conditional access policy named Policy1 to a group named Group1. Policy1 restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business. You need to identify which noncompliant devices attempt to access OneDrive for Business. What should you do? A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook. B. From the Microsoft Intune admin center, review Device compliance report. C. From the Microsoft Intune admin center, review the Noncompliant devices report. D. From the Microsoft Intune admin center, review the Setting compliance report.
A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.
You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace. You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup. You need to ensure that you can use Log Analytics to query events from Computer1. What should you do on Computer1? A. Join Azure AD. B. Configure Windows Defender Firewall. C. Create an event subscription D. Install the Azure Monitor Agent.
A. Join Azure AD.
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage Windows 11 devices. You need to implement passwordless authentication that requires users to use number matching. Which authentication method should you use? A. Microsoft Authenticator B. voice calls C. FIDO2 security keys D. text messages
A. Microsoft Authenticator
You have 25 computers that run Windows 10 Pro. You have a Microsoft 365 E5 subscription that uses Microsoft Intune. You need to upgrade the computers to Windows 11 Enterprise by using an in-place upgrade. The solution must minimize administrative effort. What should you use? A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise B. Microsoft Configuration Manager and a custom image of Windows 11 Enterprise C. Windows Autopilot D. Subscription Activation
A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise
Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10. On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2. What should you do first? A. On Computer2, run the Enable-PSRemoting cmdlet. B. On Computer2, add Computer1 to the Remote Management Users group. C. From Active Directory, configure the Trusted for Delegation setting for the computer account of Computer2. D. On Computer1, run the New-PSSession cmdlet.
A. On Computer2, run the Enable-PSRemoting cmdlet.
You have a Microsoft Deployment Toolkit (MDT) deployment share. You plan to deploy Windows 11 by using the Standard Client Task Sequence template. You need to modify the task sequence to perform the following actions: • Format disks to support Unified Extensible Firmware Interface (UEFI). • Create a recovery partition. Which phase of the task sequence should you modify? A. Preinstall B. PostInstall C. Install D. Initialization
A. Preinstall
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune. You plan to use Intune to deploy an application named App1 that contains multiple installation files. What should you do first? A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool. B. Create an Android application package (APK). C. Upload the contents of App1 to Intune. D. Install the Microsoft Deployment Toolkit (MDT).
A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool.
You have an Azure AD tenant named contoso.com. You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com. What should you configure? A. Windows Autopilot B. provisioning packages for Windows C. Security defaults in Azure AD D. Device settings in Azure AD
A. Windows Autopilot
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices. When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com. Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you create and as
A. Yes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices. When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com. Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the
A. Yes
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days. You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained. What should you use? A. a Delete action B. a Retire action C. a Fresh Start action D. an Autopilot Reset action
A. a Delete action
You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune. You need to configure Delivery Optimization on the devices to meet the following requirements: Allow downloads from the internet and from other computers on the local network. Limit the percentage of used bandwidth to 50. What should you use? A. a configuration profile B. a Windows Update for Business Group Policy setting C. a Microsoft Peer-to-Peer Networking Services Group Policy setting D. an Update ring for Windows 10 and later profile
A. a configuration profile
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. Auto-enrollment in Intune is configured. You have 100 Windows 11 devices in a workgroup. You need to connect the devices to the corporate wireless network and enroll 100 new Windows 11 devices in Intune. What should you use? A. a provisioning package B. a Group Policy Object (GPO) C. mobile device management (MDM) automatic enrollment D. a device configuration policy
A. a provisioning package
You plan to deploy Windows 11 Pro to 200 new computers by using the Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS). The company has a Volume Licensing Agreement and uses a product key to activate Windows 11. You need to ensure that the new computers will be configured to have the correct product key during the installation. What should you configure? A. an MDT task sequence B. the Device settings in Azure AD C. a WDS boot image D. a Windows Autopilot deployment profile
A. an MDT task sequence
Your company uses Microsoft Intune. More than 500 Android and iOS devices are enrolled in the Intune tenant. You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device. You need to ensure that the policies can target the devices based on their version of Android or iOS. What should you configure first? A. groups that have dynamic membership rules in Azure AD B. Device categories in Intune C. Corporate device identifiers in Intune D. Device settings in Azure AD
A. groups that have dynamic membership rules in Azure AD
You have a Microsoft 365 subscription. You plan to use Windows Autopilot to provision 25 Windows 11 devices. You need to configure the Out-of-box experience (OOBE) settings. What should you create in the Microsoft Intune admin center? A. an enrollment status page (ESP) B. a deployment profile C. a compliance policy D. a PowerShell script E. a configuration profile
B. a deployment profile
You have a Microsoft 365 subscription that includes Microsoft Intune. You have 500 corporate-owned Android devices enrolled as fully managed devices. You need to prepare an app named App1 for deployment to the devices. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From the Intune Company Portal, download App1. B. Sync App1 with Intune. C. From the Managed Google Play Store, approve App1. D. Create an OEMConfig profile.
B and C
Your company uses Microsoft Intune to manage devices. You need to ensure that only Android devices that use Android work profiles can enroll in Intune. Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. From Platform Settings, set Android device administrator Personally Owned to Block. B. From Platform Settings, set Android Enterprise (work profile) to Allow. C. From Platform Settings, set Android device administrator Personally Owned to Allow. D. From Platform Settings, set Android device administrator to Block.
B and D
You have an Azure AD tenant named contoso.com. You plan to purchase 25 computers that run Windows 11. You plan to deliver the computers directly to users. You need to ensure that during the out-of-box experience (OBE), users are prompted to sign in, and then the computers are configured to use Microsoft Intune. Which two components should you configure? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a provisioning package B. automatic enrollment C. an unattend.xml answer file D. a Windows Autopilot deployment profile for self-deploying mode E. a Windows Autopilot deployment profile for user-driven mode
B and E
You have 200 computers that run Windows 10 and are joined to an Active Directory domain. You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Enable the Allow Remote Shell access setting. B. Enable the Allow remote server management through WinRM setting. C. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic. D. Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting. E. Set the Startup Type of the Remote Registry service to Automatic. F. Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.
B, C and F
You have a Microsoft 365 subscription that uses Microsoft Intune. You have five new Windows 11 Pro devices. You need to prepare the devices for corporate use. The solution must meet the following requirements: • Install Windows 11 Enterprise on each device. • Install a Windows Installer (MSI) package named App1 on each device. • Add a certificate named Certificate1 that is required by App1. • Join each device to Azure AD. Which three provisioning options can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. subscription activation B. a custom Windows image C. an in-place upgrade D. Windows Autopilot E. provisioning packages
B, D and E
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune. You need to deploy a custom line-of-business (LOB) app to the devices by using Intune. Which extension should you select for the app package file? A. .intunemac B. .ipa C. .apk D. .appx
B. .ipa
You manage 1,000 devices by using Microsoft Intune. You review the Device compliance trends report. For how long will the report display trend data? A. 30 days B. 60 days C. 90 days D. 365 days
B. 60 days
You have a Microsoft 365 subscription. You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least privilege. Which role should you assign to the user? A. Global Administrator B. Conditional Access Administrator C. Security Administrator D. Intune Administrator
B. Conditional Access Administrator
You have a Microsoft 365 E5 subscription that contains 1,000 Windows 11 devices. All the devices are enrolled in Microsoft Intune. You plan to integrate Intune with Microsoft Defender for Endpoint. You need to establish a service-to-service connection between Intune and Defender for Endpoint. Which settings should you configure in the Microsoft Intune admin center? A. Premium add-ons B. Connectors and tokens C. Tenant enrollment D. Microsoft Tunnel Gateway
B. Connectors and tokens
You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1. In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models. You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models. What should you do first? A. Import an OS package. B. Create a selection profile. C. Add a Gather task to the task sequence. D. Add a Validate task to the task sequence.
B. Create a selection profile.
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. All devices are in the same time zone. You create an update rings policy and assign the policy to all Windows devices. On the November 1, you pause the update rings policy. All devices remain online. Without further modification to the policy, on which date will the devices next attempt to update? A. December 1 B. December 6 C. November 15 D. November 22
B. December 6
You have a computer named Computer1 that runs Windows 11. A user named User1 plans to use Remote Desktop to connect to Computer1. You need to ensure that the device of User1 is authenticated before the Remote Desktop connection is established and the sign in page appears. What should you do on Computer1? A. Turn on Reputation-based protection B. Enable Network Level Authentication (NLA) C. Turn on Network Discovery D. Configure the Remote Desktop Configuration service
B. Enable Network Level Authentication (NLA)
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 11. You need to enable the Windows Remote Management (WinRM) service on Computer1 and perform the following configurations: • For the WinRM service, set Startup type to Automatic. • Create a listener that accepts requests from any IP address. • Enable a firewall exception for WS-Management communications. Which PowerShell cmdlet should you use? A. Connect-WSMan B. Enable-PSRemoting C. Invoke-WSManAction D. Enable-PSSessionConfiguration
B. Enable-PSRemoting
You have a workgroup computer named Client1 that runs Windows 11 and connects to a public network. You need to enable PowerShell remoting on Client1. The solution must ensure that PowerShell remoting connections are accepted from the local subnet only. Which PowerShell command should you run? A. Set-PSSessionConfiguration -AccessMode Local B. Enable-PSRemoting -SkipNetworkProfileCheck C. Enable-PSRemoting -Force D. Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
B. Enable-PSRemoting -SkipNetworkProfileCheck
You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune. You need to review the servicing status of a computer. What should you do? A. From Device configuration - Profiles, view the device status. B. From Software updates, view the Per update ring deployment state. C. From Software updates, view the audit logs. D. From Device compliance, view the device compliance.
B. From Software updates, view the Per update ring deployment state.
You have a hybrid deployment of Azure AD that contains 50 Windows 10 devices. All the devices are enrolled in Microsoft Intune. You discover that Group Policy settings override the settings configured in Microsoft Intune policies. You need to ensure that the settings configured in Microsoft Intune override the Group Policy settings. What should you do? A. From Group Policy Management Editor, configure the Computer Configuration settings in the Default Domain Policy. B. From the Microsoft Intune admin center, create a custom device profile. C. From the Microsoft Intune admin center, create an Administrative Templates device profile. D. From Group Policy Management Editor, configure the User Configuration settings in the Default Domain Policy.
B. From the Microsoft Intune admin center, create a custom device profile.
You use Microsoft Defender for Endpoint to protect computers that run Windows 10. You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline. Which tool should you use? A. Microsoft Defender for Endpoint Power BI app B. Microsoft Secure Score C. Endpoint Analytics D. Microsoft 365 Defender portal
B. Microsoft Secure Score
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices. When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com. Solution: From the Microsoft Entra admin center, you configure the Authentication methods. Does this meet the goal? A. Yes B. No
B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices. When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com. Solution: From the Microsoft Entra admin center, you modify the User settings and the Device settings. Does this meet the goal? A. Yes B. No
B. No
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to deploy and manage Windows devices. You have 100 devices from users that left your company. You need to repurpose the devices for new users by removing all the data and applications installed by the previous users. The solution must minimize administrative effort. What should you do? A. Deploy a new configuration profile to the devices. B. Perform a Windows Autopilot reset on the devices. C. Perform an in-place upgrade on the devices. D. Perform a clean installation of Windows 11 on the devices.
B. Perform a Windows Autopilot reset on the devices.
You are replacing 100 company-owned Windows devices. You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following requirements: • Back up the user state. • Minimize administrative effort. Which task sequence template should you use? A. Standard Client Task Sequence B. Standard Client Replace Task Sequence C. Litetouch OEM Task Sequence D. Sysprep and Capture
B. Standard Client Replace Task Sequence
You have a Microsoft 365 subscription. You use app protection policies to protect corporate data on Android devices. You need to ensure that any user connecting from an Android device can only access the corporate data if they connect from an app that supports mobile application management (MAM). What should you configure? A. an app configuration policy B. a Conditional Access policy C. a device configuration profile D. a device compliance policy
B. a Conditional Access policy
You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite. You use Microsoft Intune to manage devices that run Windows 11. You need to remove User1 from the local Administrators group on all enrolled devices. What should you configure? A. a device compliance policy B. an account protection policy C. an app configuration policy
B. an account protection policy
You have a Microsoft 365 subscription that includes Microsoft Intune. You have an update ring named UpdateRing1 that contains the following settings: • Automatic update behavior: Auto install and restart at a scheduled time• Automatic behavior frequency: First week of the month • Scheduled install day: Tuesday • Scheduled install time: 3 AM From the Microsoft Intune admin center, you select Uninstall for the feature updates of UpdateRing1. When will devices start to remove the feature updates? A. when a user approves the uninstall B. as soon as the policy is received C. next Tuesday D. the first Tuesday of the next month
B. as soon as the policy is received
You use a Microsoft Intune subscription to manage iOS devices. You configure a device compliance policy that blocks jailbroken iOS devices. You need to enable Enhanced jailbreak detection. What should you configure? A. the Compliance policy settings B. the device compliance policy C. a network location D. a configuration profile
B. the device compliance policy
You have a Microsoft Intune subscription associated to an Azure AD tenant named contoso.com. Users use one of the following three suffixes when they sign in to the tenant: us.contoso.com, eu.contoso.com, or contoso.com. You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes. Which DNS records do you need? A. one TXT record only B. three CNAME records C. three TXT records D. one CNAME record only
B. three CNAME records
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace. Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. failure events from the Security log B. the list of processes and their execution times C. the average processor utilization D. error events from the System log E. third-party application logs stored as text files
C, D and E
A technician needs to document who had possession of evidence at every step of the process. Which of the following does this process describe? A. Rights management B. Audit trail C. Chain of custody D. Data integrity
C. Chain of custody
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune. You plan to use Endpoint analytics. You need to create baseline metrics. What should you do first? A. Modify the Baseline regression threshold. B. Onboard 10 devices to Endpoint analytics. C. Create a Log Analytics workspace. D. Create an Azure Monitor workbook.
C. Create a Log Analytics workspace.
You are creating a device configuration profile in Microsoft Intune. You need to configure specific OMA-URI settings in the profile. Which profile type template should you use? A. Device restrictions (Windows 10 Team) B. Identity protection C. Custom D. Device restrictions
C. Custom
Your network contains an Active Directory domain. The domain contains 10 computers that run Windows 10. Users in the finance department use the computers. You have a computer named Computer1 that runs Windows 10. From Computer1, you plan to run a script that executes Windows PowerShell commands on the finance department computers. You need to ensure that you can run the PowerShell commands on the finance department computers from Computer. What should you do on the finance department computers? A. From Windows PowerShell, run the Enable-MMAgent cmdlet. B. From the local Group Policy, enable the Allow Remote Shell Access setting. C. From Windows PowerShell, run the Enable-PSRemoting cmdlet. D. From the local Group Policy, enable the Turn on Script Execution setting.
C. From Windows PowerShell, run the Enable-PSRemoting cmdlet.
You have a Windows 10 device named Computer1 enrolled in Microsoft Intune. You need to configure Computer1 as a public workstation that will run a single customer-facing, full-screen application. Which configuration profile type template should you use in Microsoft Intune admin center? A. Shared multi-user device B. Device restrictions C. Kiosk D. Endpoint protection
C. Kiosk
You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 11. You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 11 Enterprise to new computers. The computers have a single hard disk. You need to modify the task sequence to create a system volume and a data volume. Which phase should you modify in the task sequence? A. Initialization B. State Restore C. Preinstall D. Postinstall
C. Preinstall
You have an on-premises server named Server1 that hosts a Microsoft Deployment Toolkit (MDT) deployment share named MDT1. You need to ensure that MDT1 supports multicast deployments. What should you install on Server1? A. Multipath I/O (MPIO) B. Multipoint Connector C. Windows Deployment Services (WDS) D. Windows Server Update Services (WSUS)
C. Windows Deployment Services (WDS)
You have an Azure subscription. You have an on-premises Windows 11 device named Device1. You plan to monitor Device1 by using Azure Monitor. You create a data collection rule (DCR) named DCR1 in the subscription. To what should you associate DCR1? A. Azure Network Watcher B. Device1 C. a Log Analytics workspace D. a Monitored Object
C. a Log Analytics workspace
Your company standardizes on Windows 10 Enterprise for all users. Some users purchase their own computer from a retail store. The computers run Windows 10 Pro. You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Azure AD, and install several Microsoft Store apps. The solution must meet the following requirements: Ensure that any applications installed by the users are retained. Minimize user intervention. What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. Windows Autopilot B. Microsoft Deployment Toolkit (MDT) C. a Windows Configuration Designer provisioning package D. Windows Deployment Services (WDS)
C. a Windows Configuration Designer provisioning package
Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune. Currently, Windows updates are downloaded without using Delivery Optimization. You need to configure the computers to use Delivery Optimization .What should you create in Intune? A. a device compliance policy B. a Windows 10 update ring C. a device configuration profile D. an app protection policy
C. a device configuration profile
You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite. You use Microsoft Intune to manage devices that run Windows 11. User provides remote support for 75 devices in the marketing department. You need to add User1 to the Remote Desktop Users group on each marketing department device. What should you configure? A. an app configuration policy B. a device compliance policy C. an account protection policy D. a device configuration profile
C. an account protection policy
You have a Microsoft 365 subscription that contains 1,000 iOS devices and includes Microsoft Intune. You need to prevent the printing of corporate data from managed apps on the devices. What should you configure? A. an app configuration policy B. a security baseline C. an app protection policy D. an iOS app provisioning profile
C. an app protection policy
You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune. You need to onboard the devices to Microsoft Defender for Endpoint. What should you create in the Microsoft Intune admin center? A. an attack surface reduction (ASR) policy B. a security baseline C. an endpoint detection and response (EDR) policy D. an account protection policy E. an antivirus policy
C. an endpoint detection and response (EDR) policy
You have the Microsoft Deployment Toolkit (MDT) installed. You install and customize Windows 11 on a reference computer. You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers. Which command should you run before you capture the image? A. dism B. wpeinit C. sysprep D. bcdedit
C. sysprep
Your network contains an Active Directory domain named contoso.com. The domain contains 25 computers that run Windows 11. You have a Microsoft 365 subscription You have an Azure AD tenant that syncs with contoso.com. You configure hybrid Azure AD join and discover that some of the computers have a registered state of Pending. You need to ensure that the computers complete the join successfully. What should you ensure? A. that Windows is activated on all the computers B. that the users of the computers are assigned Microsoft 365 licenses C. that each computer has a line of sight to a domain controller D. that the computers contain the latest quality updates
C. that each computer has a line of sight to a domain controller
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. You use Windows Autopilot to deploy Windows 11 to devices. A support engineer reports that when a deployment fails, they cannot collect deployment logs from failed device. You need to ensure that when a deployment fails, the deployment logs can be collected. What should you configure? A. the automatic enrollment settings B. the Windows Autopilot deployment profile C. the enrollment status page (ESP) profile D. the device configuration profile
C. the enrollment status page (ESP) profile
You have a Microsoft 365 subscription. All devices run Windows 10. You need to prevent users from enrolling the devices in the Windows Insider Program. What two configurations should you perform from the Microsoft Intune admin center? Each correct answer is a complete solution. NOTE: Each correct selection is worth one point. A. a device restrictions device configuration profile B. an app configuration policy C. a Windows 10 and later security baseline D. a custom device configuration profile E. a Windows 10 and later update ring
D and E
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune. You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort. Which two actions should you perform? Each correct answer presents part of the solution. B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings. C. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings. D. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings. E. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.
D and E
Your company has a Microsoft 365 subscription. All the users in the finance department own personal devices that run iOS or Android. All the devices are enrolled in Microsoft Intune. The finance department adds new users each month. The company develops a mobile application named App1 for the finance department users. You need to ensure that only the finance department users can download App1. What should you do first? A. Register App1 in Azure AD. B. Add App1 to the vendor stores for iOS and Android applications. C. Add App1 to a Microsoft Deployment Toolkit (MDT) deployment share. D. Add App1 to Intune.
D. Add App1 to Intune.
You have a Microsoft 365 E5 subscription. You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy. What should you select in the Microsoft Intune admin center? A. Reports, and then Device compliance B. Apps, and then App protection policies C. Devices, and then Monitor D. Apps, and then Monitor
D. Apps, and then Monitor
You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune. You need to configure the devices to run a single app in kiosk mode. Which Configuration settings should you modify in the device restrictions profile? A. Users and Accounts B. General C. System security D. Device experience
D. Device experience
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. You need to review the startup times and restart frequencies of the devices. What should you use? A. Azure Monitor B. Intune Data Warehouse C. Microsoft Defender for Endpoint D. Endpoint analytics
D. Endpoint analytics
You have a Microsoft 365 subscription. You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM). You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers. What should you do? A. From the Microsoft Intune admin center, create a Windows 10 device profile. B. From Azure AD, add an app registration. C. From Azure AD, add an enterprise application. D. From the Microsoft Intune admin center, add an app.
D. From the Microsoft Intune admin center, add an app.
You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune. You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort. What should you do? A. Onboard the macOS devices to the Microsoft Purview compliance portal. B. From the Microsoft Intune admin center, create a security baseline. C. Install Defender for Endpoint on the macOS devices. D. From the Microsoft Intune admin center, create a configuration profile.
D. From the Microsoft Intune admin center, create a configuration profile.
You have a Microsoft 365 subscription that uses Microsoft Intune. You need to ensure that you can deploy apps to Android Enterprise devices. What should you do first? A. Create a configuration profile. B. Add a certificate connector. C. Configure the Partner device management settings. D. Link your managed Google Play account to Intune.
D. Link your managed Google Play account to Intune.
You have computers that run Windows 10 and are managed by using Microsoft Intune. Users store their files in a folder named D:\Folder1. You need to ensure that only a trusted list of applications is granted write access to D:\Folder1. What should you configure in the device configuration profile? A. Microsoft Defender Exploit Guard B. Microsoft Defender Application Guard C. Microsoft Defender SmartScreen D. Microsoft Defender Application Control
D. Microsoft Defender Application Control
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 100 client computers that run Windows 10. Currently, your company does NOT have a deployment infrastructure. The company purchases Windows 11 licenses through a volume licensing agreement. You need to recommend how to upgrade the computers to Windows 11. The solution must minimize licensing costs. What should you include in the recommendation? A. Windows Autopilot B. Configuration Manager C. subscription activation D. Microsoft Deployment Toolkit (MDT)
D. Microsoft Deployment Toolkit (MDT)
You use Microsoft Intune and Intune Data Warehouse. You need to create a device inventory report that includes the data stored in the data warehouse. What should you use to create the report? A. the Company Portal app B. Endpoint analytics C. the Azure portal app D. Microsoft Power BI
D. Microsoft Power BI
Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10. You enable Windows PowerShell remoting on the computers. You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least privilege. To which group should you add Admin1? A. Access Control Assistance Operators B. Remote Desktop Users C. Power Users D. Remote Management Users
D. Remote Management Users
You have computers that run Windows 11 Pro. The computers are joined to Azure AD and enrolled in Microsoft Intune. You need to upgrade the computers to Windows 11 Enterprise. What should you configure in Intune? A. a device compliance policy B. a device cleanup rule C. a device enrollment policy D. a device configuration profile
D. a device configuration profile
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune. You need to ensure that notifications of iOS updates are deferred for 30 days after the updates are released. What should you create? A. an iOS app provisioning profile B. a device configuration profile based on the Device features templates C. an update policy for iOS/iPadOS D. a device configuration profile based on the Device restrictions template
D. a device configuration profile based on the Device restrictions template
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices. You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center. What should you configure? A. the Azure Monitor agent B. a device compliance policy C. a Conditional Access policy D. an Intune data collection policy
D. an Intune data collection policy
You have a Microsoft 365 subscription that contains 500 Android Enterprise devices. All the devices are enrolled in Microsoft Intune. You need to deliver bookmarks to the Chrome browser on the devices. What should you create? A. a compliance policy B. a configuration profile C. an app protection policy D. an app configuration policy
D. an app configuration policy
Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following: • Personal devices do not need to be enrolled in Intune. • Users must authenticate by using a PIN before they can access corporate email data. • Users can use their personal iOS and Android devices to access corporate cloud services. • Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business. You need to configure a solution to enforce the security policy. What should you create? A. a device configuration profile from the Microsoft Intune admin center B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal C. an insider risk management policy from the Microsoft Purview compliance portal D. an app protection policy from the Microsoft Intune admin center
D. an app protection policy from the Microsoft Intune admin center
You have a Microsoft 365 subscription that includes Microsoft Intune. You plan to use Windows Autopilot to deploy Windows 11 devices. You need to meet the following requirements during Autopilot provisioning: • Display the app and profile configuration progress. • Block users from using the devices until all apps and profiles are installed What should you configure? A. an app configuration policy B. an app protection policy C. an enrollment device platform restriction D. an enrollment status page
D. an enrollment status page
You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10. You need to deploy Microsoft Office Professional Plus 2019 to the computers by using Microsoft Office Deployment Tool (ODT). What should you use to create a customization file for ODT? A. the Microsoft 365 admin center B. the Microsoft Intune admin center C. the Microsoft Purview compliance portal D. the Microsoft 365 Apps admin center
D. the Microsoft 365 Apps admin center
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage Windows 11 devices. You create a new policy set named Set and add five device configuration profiles for Windows 10 and later. You create a device compliance policy named Policy1. You need to ensure that when users are assigned the device configuration profiles in Set1, they are always assigned Policy1 also. What should you configure? A. the assignments of Policy1 B. the Policy1 configurations C. the assignments of Set1 D. the Set1 configurations
D. the Set1 configurations
You have an Azure AD tenant named contoso.com. You have a workgroup computer named Computer1 that runs Windows 11. You need to add Computer1 to contoso.com. What should you use? A. dsregcmd.exe B. Computer Management C. netdom.exe D. the Settings app
D. the Settings app
You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1. App1 must only accept modern authentication requests. You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings: Assignments - Users or workload identities: User 1Cloud apps or actions: App1 - Access controls - Grant: Block access - You need to block only legacy authentication requests to App1.Which condition should you add to CAPolicy1? A. Filter for devices B. Device platforms C. User risk D. Sign-in risk E. Client apps
E. Client apps
You have following types of devices enrolled in Microsoft Intune: • Windows 10 • Android • iOS For which types of devices can you create VPN profiles in Microsoft Intune admin center? A. Windows 10 only B. Windows 10 and Android only C. Windows 10 and iOS only D. Android and iOS only E. Windows 10, Android, and iOS
E. Windows 10, Android, and iOS
