Desktop Associate: MD-101 Managing Modern Desktops

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.Contoso.com contains a user named [email protected] have a computer named Computer1 that runs Windows 8.1.You need to perform an in-place upgrade of Computer1 to Windows 10.Solution: You assign an Enterprise Mobility + Security license to User1. You instruct User1 to sign in to Computer1.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.Contoso.com contains a user named [email protected] have a computer named Computer1 that runs Windows 8.1.You need to perform an in-place upgrade of Computer1 to Windows 10.Solution: You start Computer1 from the Windows 10 installation media and use the Install option.Does this meet the goal? A. Yes B. No

B. No

Your company has an Active Directory domain that includes a large number of Windows 10 computers.You have recently configured hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune in the environment.You want to make sure that all the current computers are automatically registered to Azure AD, as well as enrolled in Intune. The strategy that you employ should reduce the administrative effort required to achieve your goal.Which of the following actions should you take? A. You should make use of Windows Reset. B. You should make use of a Windows AutoPilot deployment profile. C. You should make use of a n Autodiscover service connection point (SCP). D. You should make use of a device configuration profile.

B. You should make use of a Windows AutoPilot deployment profile.

Your company has a large number of Android and iOS devices, which are enrolled in Intune.You are preparing to deploy new Intune policies will apply to devices, based on the version of Android or iOS that is being run.You are required to make sure that the policies are able to target the devices according to your plan.Which of the following actions should you take? A. You should start by accessing Intune and configuring corporate device identifiers. B. You should start by accessing Microsoft Azure Active Directory (Azure AD) and configuring Device settings. C. You should start by accessing Microsoft Azure Active Directory (Azure AD) and configuring Application settings. D. You should start by creating a distribution group.

B. You should start by accessing Microsoft Azure Active Directory (Azure AD) and configuring Device settings.

Your company has a Microsoft Azure Active Directory (Azure AD) tenant.The company has a Volume Licensing Agreement and uses a product key to activate Windows 10.You plan to deploy Windows 10 Pro to 200 new computers by using the Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).You need to ensure that the new computers will be configured to have the correct product key during the installation.What should you configure? A. a WDS boot image B. an MDT task sequence C. the Device settings in Azure AD D. a Windows AutoPilot deployment profile

B. an MDT task sequence

You have a Microsoft 365 tenant.You plan to enable Enterprise State Roaming.Which three types of data will sync across devices? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Microsoft Teams settings B. mouse settings C. Microsoft Edge Chromium settings D. internet passwords E. desktop theme settings

B. mouse settings D. internet passwords E. desktop theme settings

You use a Microsoft Intune subscription to manage iOS devices.You configure a device compliance policy that blocks jailbroken iOS devices.You need to enable Enhanced jailbreak detection.What should you configure? A. the device compliance policy B. the Compliance policy settings C. a network location D. a configuration profile

B. the Compliance policy settings

You have a Microsoft Azure Active Directory (Azure AD) tenant. All corporate devices are enrolled in Microsoft Intune.You have a web-based application named App1 that uses Azure AD to authenticate.You need to prompt all users of App1 to agree to the protection of corporate data when they access App1 from both corporate and noncorporate devices.What should you configure? A. Notifications in Device compliance B. Terms and Conditions in Device enrollment C. Terms of use in Conditional access D. an Endpoint protection profile in Device configuration

C. Terms of use in Conditional access

Your company has a Microsoft 365 subscription.The company uses Microsoft Intune to manage all devices.The company uses conditional access to restrict access to Microsoft 365 services for devices that do not comply with the company's security policies.You need to identify which devices will be prevented from accessing Microsoft 365 services.What should you use? A. The Device tab in Desktop Analytics. B. Microsoft Defender Security Center. C. The Device compliance blade in the Microsoft Endpoint Manager admin center. D. The Conditional access blade in the Azure Active Directory admin center.

C. The Device compliance blade in the Microsoft Endpoint Manager admin center.

All of your company's devices are managed via Microsoft Intune. conditional access is used to prevent devices that are not compliant with company security policies, from accessing Microsoft 365 services.You need to access Device compliance to view the non-compliant devices.Where should you access Device compliance from? A. System Center Configuration Manager B. Windows Defender Security Center. C. The Intune admin center. D. The Azure Active Directory admin center

C. The Intune admin center.

Your network contains an Active Directory domain. The functional level of the forest and the domain is Windows Server 2012 R2.The domain contains 500 computers that run Windows 10. All the computers are managed by using Microsoft System Center 2012 R2 Configuration Manager.You need to enable co-management.What should you do first? A. Deploy the Microsoft Intune client. B. Raise the forest functional level. C. Upgrade Configuration Manager to Current Branch. D. Raise the domain functional level.

C. Upgrade Configuration Manager to Current Branch.

Your company has an Active Directory domain, named weylandindustries.com. The domain is synced to Microsoft Azure Active Directory (Azure AD) and all company computers have been enrolled in Microsoft Intune.You are preparing to perform a Fresh Start action on certain company devices.Which of the following operating systems support the Fresh Start action? Choose all that apply. A. Windows Vista B. Windows 8.1 C. Windows 10 D. iOS

C. Windows 10

Your company makes use of Microsoft Intune to manage computers.You have been tasked with configuring Windows Hello for Business. You are preparing to create an Intune profile to achieve your goal.Which of the following is an operating system that supports Windows Hello for Business? A. Windows Vista B. Windows 8.1 C. Windows 10 D. macOS

C. Windows 10

You have a computer named Computer1 that runs Windows 8.1.You plan to perform an in-place upgrade of Computer1 to Windows 10 by using an answer file.You need to identify which tool to use to create the answer file.What should you identify? A. System Configuration (Msconfig.exe) B. Windows Configuration Designer C. Windows System Image Manager (Windows SIM) D. Windows Deployment Services (WDS)

C. Windows System Image Manager (Windows SIM)

You manage one hundred Microsoft Azure Active Directory (Azure AD) joined Windows 10 devices.You want to make sure that users are unable to join their home PC's to Azure AD.Which of the following actions should you take? A. You should configure the Enrollment restriction settings via the Device enrollment blade in the Intune admin center. B. You should configure the Enrollment restriction settings via the Security & Compliance admin center. C. You should configure the Enrollment restriction settings via the Azure Active Directory admin center. D. You should configure the Enrollment restriction settings via the Windows Defender Security Center.

C. You should configure the Enrollment restriction settings via the Azure Active Directory admin center

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd., is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/073a110746ee7de85f1d259b910e5016 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/b781067c30e4e935e186dc67ee96eac1 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionYou need to meet the requirements for the MKG department users.What should you do? A. Assign the MKG department users the Purchaser role in Microsoft Store for Business B. Download the APPX file for App1 from Microsoft Store for Business C. Add App1 to the private store D. Assign the MKG department users the Basic Purchaser role in Microsoft Store for Business E. Acquire App1 from Microsoft Store for Business

E. Acquire App1 from Microsoft Store for Business

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. User1 has the device shown in the following table https://gyazo.com/09f7ea318e391a7e0773f79cecd8b220 Enterprise State Roaming is configured for User1.User1 signs in to Device4 and changes the desktop.You need to identify on which devices User1 will have a changed desktop.Which devices should you identify? A. Device1, Device2, Device3, and Device4 B. Device4 only C. Device2, Device3, and Device4 only D. Device2 and Device4 only E. Device3 and Device4 only

E. Device3 and Device4 only

You manage a Microsoft 365 environment that has co-management enabled.All computers run Windows 10 and are deployed by using the Microsoft Deployment Toolkit (MDT).You need to recommend a solution to deploy Microsoft Office 365 ProPlus to new computers. The latest version must always be installed. The solution must minimize administrative effort.What is the best tool to use for the deployment? More than one answer choice may achieve the goal. Select the BEST answer. A. Microsoft Intune B. Microsoft Deployment Toolkit C. Office Deployment Tool (ODT) D. a Group Policy object (GPO) E. Microsoft System Center Configuration Manager

E. Microsoft System Center Configuration Manager

You have an Azure Active Directory (Azure AD) tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings. B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings. C. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced Security. D. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure Windows Defender Antivirus settings. E. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings. F. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.

E. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings. F. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.

You have an Azure Active Directory group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2.You create a device configuration profile named Profile1. You assign Profile1 to Group1.You need to ensure that Profile1 applies to Device1 only.What should you modify in Profile1? A. Scope (Tags) B. Settings C. Applicability Rules D. Assignments

D. Assignments

You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant, a Microsoft System Center Configuration Manager (Current Branch) environment, and aMicrosoft 365 subscription.You have computers that run Windows 10 as shown in the following table. https://gyazo.com/3e083b8b8281cddaddce260e68a0acf0 You plan to use Microsoft 365 Device Management.Which computers support co-management by Configuration Manager and Device Management? A. Computer3 only B. Computer1 and Computer2 only C. Computer2 only D. Computer1, Computer2, and Computer3

D. Computer1, Computer2, and Computer3

You have been tasked with reusing a Windows 10 computer that was assigned to a user who is no longer with the company.The computer will be assigned to a new user. You plan to make use of Windows AutoPilot to redeploy the computer.Which of the following actions should you take FIRST? A. Reset the computer. B. Wipe the computer. C. Create a HTML file containing the computer info. D. Create a CSV file containing the computer info.

D. Create a CSV file containing the computer info.

Your network contains an on-premises Active Directory domain and an Azure Active Directory (Azure AD) tenant.The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table. https://gyazo.com/74ec217f3ccc46228f20be0814138173 You need to migrate the existing Default Domain Policy GPO settings to a device configuration profile.Which type of device configuration profile should you create? A. Custom B. Endpoint protection C. Administrative Templates D. Device restrictions

D. Device restrictions

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD).You have a Microsoft 365 subscription.You create a conditional access policy for Microsoft Exchange Online.You need to configure the policy to prevent access to Exchange Online unless a user is connecting from a device that is hybrid Azure AD-joined.Which settings should you configure? A. Locations B. Device platforms C. Sign-in risk D. Device state

D. Device state

Your company has a Microsoft 365 tenant.Users sign in to Windows 10 devices by using their Microsoft 365 account.On a computer, you open Sync your settings as shown in the exhibit. (Click the Exhibit tab.) https://gyazo.com/f0257d6f1c4f0b775c2d89e0365cb1f2 You need to set Sync settings to On.What should you do? A. Enable User Experience Virtualization (UE-V). B. Enable Windows Mobility Center. C. Disable Windows Hello for Business. D. Enable Enterprise State Roaming.

D. Enable Enterprise State Roaming.

You have a Microsoft Azure Log Analytics workplace that collects all the event logs from the computers at your company.You have a computer named Computer1 than runs Windows 10. You need to view the events collected from Computer1.Which query should you run in Log Analytics? A. Event | where Computer = = "Computer1" B. ETWEvent | where SourceSystem = = "Computer1" C. ETWEvent | where Computer = = "Computer1" D. Event | where SourceSystem = = "Computer1"

A. Event | where Computer = = "Computer1"

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/03c3a40c7761abdf38398a4ebaad0f4c The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/dcda69268486162875a4f524ba02c7a8 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionYou need to prepare for the deployment of the Phoenix office computers.What should you do first? A. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Endpoint Management admin center. B. Extract the serial number information of each computer to a XML file and upload the file from the Microsoft Endpoint Management admin center. C. Extract the serial number information of each computer to a CSV file and upload the file from the Microsoft Endpoint Management admin center. D. Generalize the computers and configure the Device settings from the Azure Active Directory admin center.

A. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Endpoint Management admin center.

Your company purchases new computers that run Windows 10. The computers have cameras that support Windows Hello for Business.You configure the Windows Hello for Business Group Policy settings as shown in the following exhibit. https://gyazo.com/42477de3722ef808472e55eca71dc5a1 What are two valid methods a user can use to sign in? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Facial recognition B. A smartwatch that is Bluetooth-enabled C. A PIN D. A USB key

A. Facial recognition C. A PIN

Your company plans to deploy tablets to 50 meeting rooms.The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application named App1.You need to configure the tablets so that any user can use App1 without having to sign in. Users must be prevented from using other applications on the tablets.Which device configuration profile type should you use? A. Kiosk B. Endpoint protection C. Identity protection D. Device restrictions

A. Kiosk

Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed on the sign-in screen.Which of the following is a Device restriction setting that should be configured? A. Locked screen experience B. Personalization C. Display D. General

A. Locked screen experience

You have 100 computers that run Windows 8.1.You need to identify which computers can be upgraded to Windows 10.What should you use? A. Microsoft Assessment and Planning (MAP) Toolkit B. Update Compliance in Azure C. Windows Assessment Toolkit D. Microsoft Deployment Toolkit (MDT)

A. Microsoft Assessment and Planning (MAP) Toolkit

You have a shared computer that runs Windows 10.The computer is infected with a virus.You discover that a malicious TTF font was used to compromise the computer.You need to prevent this type of threat from affecting the computer in the future.What should you use? A. Microsoft Defender Exploit Guard B. Microsoft Defender Application Guard C. Microsoft Defender Credential Guard D. Microsoft Defender System Guard E. Microsoft Defender SmartScreen

A. Microsoft Defender Exploit Guard

Your company plans to deploy Windows 10 to devices that will be configured for English use and other devices that will be configured for Korean use.You need to create a single multivariant provisioning package for the planned devices.You create the provisioning package.What should you do next to add the language settings to the package? A. Modify the Customizations.xml file. B. Create a file named Languages.xml that contains a header for Korean. C. Modify the .ppkg file. D. Create a file named Languages.xml that contains a header for English.

A. Modify the Customizations.xml file.

You need to consider the underlined segment to establish whether it is accurate.To enable sideloading in Windows 10, you should navigate to the For developers setting via Update & Security in the Settings app.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required. B. Widows Insider C. Delivery Optimization D. Activation

A. No adjustment required.

Your company has an Active Directory domain, named weylandindustries.com, and a Microsoft Office 365 subscription. The domain is also synced to MicrosoftAzure Active Directory (Azure AD).All company computers are domain-joined, and are running the most recent Microsoft OneDrive sync client.You are currently configuring OneDrive group policy settings.Which of the following is the setting that will minimize the disk space consumed by a user profile, when enabled? A. OneDrive Files On-Demand B. Silently move known folders to OneDrive C. Prompt users to move Windows known folders to OneDrive D. Silently configure OneDrive using the primary Windows account

A. OneDrive Files On-Demand

You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 10.You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 10 Enterprise to new computers. The computers have a single hard disk.You need to modify the task sequence to create a system volume and a data volume.Which phase should you modify in the task sequence? A. Preinstall B. State Restore C. Initialization D. Postinstall

A. Preinstall

You have a Microsoft 365 tenant that uses Microsoft Intune for mobile device management (MDM).You associate a Microsoft Store for Business account with Intune.You purchase an app named App1 from the Microsoft Store for Business.You need to ensure that App1 can be deployed by using Intune.What should you do? A. Sync purchased apps from the Microsoft Store for Business. B. Integrate the Windows Autopilot Deployment Program into the Microsoft Store for Business. C. Create an app category in Intune. D. Create an app protection policy in Intune.

A. Sync purchased apps from the Microsoft Store for Business.

Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You have been tasked with making sure that the has self-service password reset enabled on the logon screen. You have navigated to the Microsoft Intune blade.Which of the following is the setting you should configure? A. The Device configuration settings. B. The Device compliance settings C. The Windows AutoPilot deployment settings D. The App protection settings

A. The Device configuration settings.

Your network contains an Active Directory domain. The domain contains computers that run Windows 8.1 and the users shown in the following table. https://gyazo.com/9bc53747d6d03653eb279102432ba119 You plan to use the Microsoft Assessment and Planning (MAP) Toolkit to collect inventory data. The MAP Toolkit has the following configurations:✑ Inventory scenario: Windows computers✑ Discovery method: Use Active Directory Domain Services (AD DS)You need to identify which user to use for the MAP Toolkit inventory discovery. The solution must use principle of least privilege.What should you identify? A. User3 B. User1 C. User4 D. User2

A. User3

You are currently making use of the Antimalware Assessment solution in Microsoft Azure Log Analytics.You have accessed the Protection Status dashboard and find that there is a device that has no real time protection.Which of the following could be a reason for this occurring? A. Windows Defender has been disabled. B. You need to install the Azure Diagnostic extension. C. Windows Defender Credential Guard is incorrectly configured. D. Windows Defender System Guard is incorrectly configured.

A. Windows Defender has been disabled.

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.General Overview -Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.Existing Environment -Current Business Model -The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.Litware has a Microsoft Endpoint Configuration Manager deployment.During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.Current Environment -The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain isWindows Server 2012 R2. All domain controllers run Windows Server 2012 R2.Litware has the computers shown in the following table. https://gyazo.com/a5c0d67faa408853b021dafea55e48da The development department uses projects in Azure DevOps to build applications.Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to a different contractor. Currently, the computers are re-provisioned manually by the IT department.Problem Statements -Litware identifies the following issues on the network:Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.Re-provisioning the sales department computers is too time consuming.Requirements -Business Goals -Litware plans to transition to co-management for all the company-owned Windows 10 computers.Whenever possible, Litware wants to minimize hardware and software costs.Device Management Requirements -Litware identifies the following device management requirements:Prevent the sales department employees from forwarding email that contains bank account information.Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.Technical Requirements -Litware identifies the following technical requirements for the planned deployment:Re-provision the sales department computers by using Windows AutoPilot.Ensure that the projects in Azure DevOps can be accessed from the corporate network only.Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.Exhibits -Updates - https://gyazo.com/433ed78d11360d7f8134acdee6cdbeed QuestionWhat should you configure to meet the technical requirements for the Azure AD-joined computers? A. Windows Hello for Business from the Endpoint Management admin center. B. The Accounts options in an endpoint protection profile. C. The Password Policy settings in a Group Policy object (GPO). D. A password policy from the Microsoft 365 admin center.

A. Windows Hello for Business from the Endpoint Management admin center.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription.After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devicesSolution: You should configure the Device state settings.Does the solution meet the goal? A. Yes B. No

A. Yes

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's environment includes a Microsoft 365 subscription.Users in the company's sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division users.Solution: You start by adding the application to Intune.Does the solution meet the goal? A. Yes B. No

A. Yes

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's environment includes a Microsoft 365 subscription.Users in the company's sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division usersSolution: You start by adding the application to Microsoft Store for Business.Does the solution meet the goal? A. Yes B. No

B. No

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's environment includes a Microsoft 365 subscription.Users in the company's sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division usersSolution: You start by assigning the application to a group.Does the solution meet the goal? A. Yes B. No

B. No

https://gyazo.com/3ad7caffbcb06c0fd7b25018f0f1db62 You plan to implement Desktop Analytics.You need to identify which devices support the following:✑ Compatibility insights✑ App usage insightsWhich devices should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/3bffc8600af256f160f4835a224e25dd

https://gyazo.com/028001c298d7c23eaa0c800d5efb4244

HOTSPOT -Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure AD)-joined.The company purchases an Azure subscription.You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you to create alerts based on the collected events.What should you create in Azure and what should you configure on the computers? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/fa9cf503cd4ccfec9d57df22542e258d

https://gyazo.com/041b24f0312bb0d9d15dc8c2c7cbcc12

https://gyazo.com/13a8c90fdc7c777f0516c18bb2e598da

https://gyazo.com/0a7cc05c9f67db16f320b9c67665b1c9

HOTSPOT -Your company has a computer named Computer1 that runs Windows 10 Pro.The company develops a proprietary Universal Windows Platform (UWP) app named App1. App1 is signed with a certificate from a trusted certification authority(CA).You need to sideload App1 to Computer1.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/663ef739c198550371c2055e501e2f31

https://gyazo.com/0e0cf5a40cc1a0ff33b773db22384a8f

https://gyazo.com/81c7e399b76957f742a0d48f8650cf28

https://gyazo.com/0ef1c94dff3481a93846282545903e73

HOTSPOT -You have a Microsoft Intune subscription.You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit. Profile1 will be deployed to Windows 10 devices. https://gyazo.com/6864789583f990de8ba75426af0b1849 Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area:V https://gyazo.com/0c7b0517b28b00f4175d022cc79712be

https://gyazo.com/0f34ce75d8a999532cd78aa469f9e26f

HOTSPOT -You have a Microsoft 365 subscription.You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table. https://gyazo.com/705101ec631407eeb9872f4f1f802375 You need to configure device enrollment to meet the following requirements:✑ Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager.✑ Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment.Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/aa6a10f51d1c1a88741dd7319c1030b8

https://gyazo.com/0f5db31e37103c93220dc77fc0d289f4

DRAG DROP -You have a Microsoft Deployment Toolkit (MDT) deployment share that has a path of D:\MDTShare.You need to add a feature pack to the boot image.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

https://gyazo.com/0fa8c83f18cf921a8d215ca3b4488ec8

https://gyazo.com/d58a1f709b91b274cd2a51d3c4d2fd73

https://gyazo.com/0fd943d0f6fe0f62c571693941ac3d94

HOTSPOT -You have a Microsoft 365 tenant that uses Microsoft Intune to manage personal and corporate devices. The tenant contains three Windows 10 devices as shown in the following exhibit. https://gyazo.com/0cf4018c8266aa6e83972ede7699647f How will Intune classify each device after the devices are enrolled in Intune automatically? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/9081a2516e17d8979ccc05ea1cd7a710

https://gyazo.com/114318dea2513a03469e2ad754ac1890

HOTSPOT -You have 100 Windows 10 devices that are managed by using Microsoft Endpoint Manager.You plan to sideload an app to the devices.You need to configure Microsoft Endpoint Manager to enable sideloading.Which device profile type and setting should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/f76dcce2f4c631dbfedc906ed6c40d29

https://gyazo.com/12cf3fbd69c939e9e98ce4dae5bd88da

https://gyazo.com/5db8ac0be2f8a72b4f6ee1d1bbf0d052

https://gyazo.com/1980ad340488866bd9ca28803dfc025f

HOTSPOT -Your network contains an Active Directory domain named contoso.com. The domain contains 500 computers that run Windows 8.1. Some of the computers are used by multiple users.You plan to refresh the operating system of the computers to Windows 10.You need to retain the personalization settings to applications before you refresh the computers. The solution must minimize network bandwidth and network storage space.Which command should you run on the computers? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/ab4ea6fedc2c12b8417877d4eb3acba6

https://gyazo.com/199075f357596db1cbab99900867f1ae

DRAG DROP -You have a Microsoft Intune subscription that is configured to use a PFX certificate connector to an on-premises Enterprise certification authority (CA).You need to use Intune to configure autoenrollment for Android devices by using public key pair (PKCS) certificates.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/0b42d8427387ce6a7b3af0665d4a4867

https://gyazo.com/19b94d0c3727dbaa8360ea0a02031e25

HOTSPOT -Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint includes the device groups shown in the following table. https://gyazo.com/ce86933a6f050cadb0514fa5072005b4 https://gyazo.com/c9b6c867458dc79b17b8debf27654d75

https://gyazo.com/1a4b0b34d4e66a2c13f8803d88f373d2

HOTSPOT -You have 200 computers that run Windows 10.You need to create a provisioning package to configure the following tasks:✑ Remove the Microsoft News and the Xbox Microsoft Store apps.✑ Add a VPN connection to the corporate network.Which two customizations should you configure? To answer, select the appropriate customizations in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/7ba97b6f3e9ad31d481010f69ff407e4

https://gyazo.com/1a4c50f8fc28947aa09b59b7a4d93f20

HOTSPOT -You have groups that use the Dynamic Device membership type as shown in the following table. https://gyazo.com/031940ac95dbaca5a78abbcbfe5c10f6 You are deploying Microsoft 365 apps.You have devices enrolled in Microsoft Intune as shown in the following table. https://gyazo.com/d2731839a9a89e3eabbd99636def584e In the Microsoft Endpoint Manager admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.) https://gyazo.com/fc98871bd10f53633aa888a58898b203 For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/c32a433c88cf0a1787f42dd935bb386a

https://gyazo.com/21554b12b32207168f06582fafe03fef

HOTSPOT -Your company has 1,000 Windows 10 devices that are enrolled in Windows Analytics.You need to view the following information:✑ The number of devices that are vulnerable to Spectre and Meltdown vulnerabilities✑ The number of devices that have Windows Defender real-time protection turned offWhich Windows Analytics solutions should you use? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/ab54ac4ced5da2d71418fc3fd3567e25

https://gyazo.com/2b2c2b9d9887b569a865f746bd6098b2

HOTSPOT -Your company uses Microsoft Endpoint Configuration Manager and purchases a Microsoft 365 subscription.You need to set up Desktop Analytics.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/d7eb3aad5878cc62fe96013bfcc4717d

https://gyazo.com/2de7527fa792792b2892151810a94c7b

DRAG DROP -Your company has a number of Windows 7 computers that you want to upgrade to Windows 10.The computers all have a single MBR disk, and a disabled TPM chip. Also, the computers have hardware virtualization disabled, Data Execution Prevention (DEP) enabled, and UEFI firmware running in BIOS mode.You have been tasked with making sure that Secure Boot can be used by the computers.Which of the following actions should you take? Answer by dragging the correct options from the list to the answer area. Choose two.Select and Place: https://gyazo.com/14dfb0808470816ec3594573b612f1ff

https://gyazo.com/2e183acdf6b272209c9c18b1e979b919

HOTSPOT -You have a Microsoft 365 E5 tenant that contains the users shown in the following table. https://gyazo.com/312f64bd68305ba6ed1d9d437566c836 You provision the private store in Microsoft Store for Business and assign Microsoft Store for Business roles to the users as shown in the following table. . https://gyazo.com/39a10a137de2e990b8fb98bad10b6717 You configure the following Shopping behavior settings for the Microsoft Store for Business:✑ Allow users to shop: Yes✑ Make everyone a Basic Purchaser: OffAllow app requests: On -✑ Shop offline apps: OffFor each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/0539b2f62040bde14b437a57550b31b0

https://gyazo.com/2fb017e79797696b0f6547cd624a58a0

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.General Overview -Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.Existing Environment -Current Business Model -The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.Litware has a Microsoft Endpoint Configuration Manager deployment.During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.Current Environment -The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain isWindows Server 2012 R2. All domain controllers run Windows Server 2012 R2.Litware has the computers shown in the following table. https://gyazo.com/a61daff7b37d691cc0415998dbf9b330 The development department uses projects in Azure DevOps to build applications.Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to a different contractor. Currently, the computers are re-provisioned manually by the IT department.Problem Statements -Litware identifies the following issues on the network:Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.Re-provisioning the sales department computers is too time consuming.Requirements -Business Goals -Litware plans to transition to co-management for all the company-owned Windows 10 computers.Whenever possible, Litware wants to minimize hardware and software costs.Device Management Requirements -Litware identifies the following device management requirements:Prevent the sales department employees from forwarding email that contains bank account information.Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.Technical Requirements -Litware identifies the following technical requirements for the planned deployment:Re-provision the sales department computers by using Windows AutoPilot.Ensure that the projects in Azure DevOps can be accessed from the corporate network only.Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.Exhibits -Updates - https://gyazo.com/9b98559217c3f1a46cb391938dfd52a9 QuestionHOTSPOT -You need to meet the OOBE requirements for Windows AutoPilot.Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/a339a7f81cc69e96fef95188591e388b

https://gyazo.com/380f4631e66a35c6c39721b5edb5db99

HOTSPOT -Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD).You have a Microsoft Office 365 subscription. All computers are joined to the domain and have the latest Microsoft OneDrive sync client (OneDrive.exe) installed.On all the computers, you configure the OneDrive settings as shown in the following exhibit. https://gyazo.com/913795a45611dac29fdcac92501b6119 Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/7d4f6a4109788410a0667e0f6f58f35f

https://gyazo.com/3987c3f27087a7b132a7d13854db5a15

DRAG DROP -Your company has a computer named Computer1 that runs Windows 10.Computer1 was used by a user who left the company.You plan to repurpose Computer1 and assign the computer to a new user. You need to redeploy Computer1 by using Windows AutoPilot.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place https://gyazo.com/fff53cbaa9059a536d3692b114d75d5f

https://gyazo.com/5f0706acc9f3643b4b1449b850e6ee9b

HOTSPOT -You have a Microsoft 365 tenant that uses Microsoft Intune to manage the devices shown in the following table. https://gyazo.com/bf98d8bd8b8abaedc74fc2b6f64aef93 You need to deploy a compliance solution that meets the following requirements:✑ Marks the devices as Not Compliant if they do not meet compliance policies✑ Remotely locks noncompliant devicesWhat is the minimum number of compliance policies required, and which devices support the remote lock action? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/05b3a7bb30e639899c82aa8d05bc3e91

https://gyazo.com/6216e387e695003ef362ceac45ea2879

HOTSPOT -You have a Microsoft 365 subscription.You need to configure access to Microsoft Office 365 for unmanaged devices. The solution must meet the following requirements:✑ Allow only the Microsoft Intune Managed Browser to access Office 365 web interfaces.✑ Ensure that when users use the Intune Managed Browser to access Office 365 web interfaces, they can only copy data to applications that are managed by the company.Which two settings should you configure from the Microsoft Intune blade? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/220458f5eeb38cf51ab8b6efc30528bd

https://gyazo.com/64f23852d760620730f6b631851697c1

https://gyazo.com/7af838ee54c9cba1b74ed1d1a480fb60

https://gyazo.com/66ed5bfe646ccae4a1257bb5f140e82d

DRAG DROP -You have 100 computers that run Windows 8.1.You plan to deploy Windows 10 to the computers by performing a wipe and load installation.You need to recommend a method to retain the user settings and the user data.Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/e3e52670a9f40b36ef1ebec8d906af43

https://gyazo.com/673feab4bba6ce5eb8290b989973d8c3

HOTSPOT -Your company uses Microsoft Intune to manage Windows 10, Android, and iOS devices.Several users purchase new iPads and Android devices.You need to tell the users how to enroll their device in Intune.What should you instruct the users to use for each device? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/74e21eb6ddcad1abe26be5f08a4716ba

https://gyazo.com/677009a3e88614e6f6e661b7b324858c

DRAG DROP -Your company has a Microsoft Azure Active Directory (Azure AD) tenant.The company uses Microsoft Intune to manage iOS, Android, and Windows 10 devices.The company plans to purchase 1,000 iOS devices. Each device will be assigned to a specific user.You need to ensure that the new iOS devices are enrolled automatically in Intune when the assigned user signs in for the first time.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

https://gyazo.com/67d08d8b017ca6c906e9c51249cb086c

https://gyazo.com/1b84b9568d96e002f8f17a01b042fb08

https://gyazo.com/691ff855dd4272943489a93599fb886d

HOTSPOT -You have a computer named Computer1 that runs Windows 10.The Wi-Fi network profile for Computer1 is configured as shown in the following exhibit. https://gyazo.com/15766bb0d9b55b08cfeb3024225a8070 From which computers will Computer1 will receive updates and to which computers will Computer1 provide updates? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/4b94b0fd0bfe4288d33b03aa7784ea85

https://gyazo.com/6e319a1338c3f4604e1eafc0657b2f8e

HOTSPOT -Your network contains an Active Directory domain. The domain contains computers that run Windows 10 and are enrolled in Microsoft Intune. Updates are deployed by using Windows Update for Business.Users in a group named Group1 must meet the following requirements:✑ Update installations must occur any day only between 00:00 and 05:00.✑ Updates must be downloaded from Microsoft and from other company computers that already downloaded the updates.You need to configure the Windows 10 Update Rings settings in Intune to meet the requirements.Which two settings should you modify? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/e32dc3840582b748c8e4e8696419bcb6

https://gyazo.com/6e60b3837ab0abb5853634fa3568656b

HOTSPOT -You network contains an Active Directory domain. The domain contains 200 computers that run Windows 8.1. You have a Microsoft Azure subscription.You plan to upgrade the computers to Windows 10.You need to generate an Upgrade Readiness report for the computers.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/5b211394d6dede3c5f6e2f093da96591

https://gyazo.com/6eec964f77307eb277fbfc0247d61443

HOTSPOT -You have computers that run Windows 10 and are configured by using Windows Autopilot.A user performs the following tasks on a computer named Computer1:✑ Creates a VPN connection to the corporate network✑ Installs a Microsoft Store app named App1✑ Connects to a Wi-Fi networkYou perform a Windows Autopilot Reset on Computer1.What will be the state of the computer when the user signs in? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/741d37e382b5ca36352d216f88c32cf2

https://gyazo.com/708034488bbc613c6b75577040d516b3

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has anAll Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.Contoso has a Microsoft 365 E5 subscription.Environment -Network Environment -The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table. https://gyazo.com/629b3c2ef0ed0c33a4f46f343da84ee5 https://gyazo.com/1ed382b168b6bac4f22b428efb326ed4 The Automatic Enrollment settings have the following configurations:MDM user scope: GroupAMAM user scope: GroupBYou have an Endpoint protection configuration profile that has the following Controlled folder access settings:Name: Protection1Folder protection: EnableList of apps that have access to protected folders: C:\*\AppA.exeList of additional folders that need to be protected: D:\Folder1Assignments:- Included groups: Group2, GroupBWindows Autopilot Configuration -Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit. https://gyazo.com/141876f71eaa2dfc83cac41a256c22f5 Currently, there are no devices deployed by using Window Autopilot.The Intune connector for Active Directory is installed on Server1.Requirements -Planned Changes -Contoso plans to implement the following changes:Purchase a new Windows 10 device named Device6 and enroll the device in Intune.New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.Deploy a network boundary configuration profile that will have the following settings:- Name: Boundary1- Network boundary: 192.168.1.0/24- Scope tags: Tag1- Assignments:- - Included groups: Group1, Group2Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:- Name: Connection1- Connection name: VPN1- Connection type: L2TP- Assignments:- - Included groups: Group1, Group2, GroupA- - Excluded groups: --- Name: Connection2- Connection name: VPN2- Connection type: IKEv2- Assignments:- - Included groups: GroupA- - Excluded groups: GroupBPurchase an app named App1 that is available in Microsoft Store for Business and to assign the app to all the users.Technical Requirements -Contoso must meet the following technical requirements:Users in GroupA must be able to deploy new computers.Administrative effort must be minimized.QuestionHOTSPOT -For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/a602cb92f2f96f28cc2a23c25f841d50

https://gyazo.com/70d5d4bbc17ffe7f433cbad0129a2015

DRAG DROP -Your company uses Microsoft Intune. You have a Microsoft Store for Business account.You need to ensure that you can deploy Microsoft Store for Business apps by using Intune.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.Select and Place: https://gyazo.com/d804a1fd4c02a92ae04a8e944d8c88b9

https://gyazo.com/72ec73abe3ec01105b6abee9c4281a27

HOTSPOT -You have a Microsoft 365 subscription.You have 25 Microsoft Surface Hub devices that you plan to manage by using Microsoft Endpoint Manager.You need to configure the devices to meet the following requirements:✑ Enable Windows Hello for Business.✑ Configure Microsoft Defender SmartScreen to block users from running unverified files.Which profile types should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/ea679c6879d7931def272f8f7b9e3935

https://gyazo.com/75819d55f929b60389736aeaa75410c3

https://gyazo.com/5cb5143e4679233995a313fde6ee7f5f

https://gyazo.com/786f46a4d9a2af46e9d6f24e77965655

https://gyazo.com/3747b78e175c2b0ae18292787ab6b9d6 https://gyazo.com/5aa033291922581b79154bf997055c45

https://gyazo.com/79f27e7a7350e59652e6cb89e567e349

https://gyazo.com/ea63e168d6cfc2b0afe2654916639039 You create a Windows 10 update ring that has the following settings:✑ Basics:- Name: Ring1✑ Update ring settings:- Active hours start: 8 AM- Active hours end: 8 PM✑ Assignments:- Included Groups: All devices- Excluded Groups: Group1For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/69a819dd107de1227f1b2b7b9b233310

https://gyazo.com/7b2322251d190fbee87974d208eaa7da

DRAG DROP -You have an Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain.The tenant contains computers that run Windows 10. The computers are hybrid Azure AD joined and enrolled in Microsoft Intune. The Microsoft Office settings on the computers are configured by using a Group Policy Object (GPO).You need to migrate the GPO to Intune.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

https://gyazo.com/827d904a1e1e8112136bfa7c1edc0fbc

HOTSPOT -You have a Microsoft 365 tenant.You have a Windows 10 update ring named Policy1 as shown in the following exhibit. https://gyazo.com/c77aa13b3f5f81c31dfee93c169031be https://gyazo.com/0df995854bdf7d750fa3d19709186314

https://gyazo.com/898307ff87e1258a1863184ead3209ad

HOTSPOT -Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD). The domain contains computers that runWindows 10. The computers are configured as shown in the following table. https://gyazo.com/d249369aa5c254037bd2a81f2d7dc0de All the computers are enrolled in Microsoft Intune.You configure the following Maintenance Scheduler settings in the Default Domain Policy:✑ Turn off auto-restart for updates during active hours: Enabled✑ Active hours start: 08:00✑ Active hours end: 22:00In Intune, you create a device configuration profile named Profile1 that has the following OMA-URI settings:✑ ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP set to value 1✑ ./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursStart set to value 9✑ ./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursEnd set to value 21You assign Profile to Group1.How are the active hours configured on Computer1 and Computer2? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/747deb8201c6f5a7eb6450ca8b456501

https://gyazo.com/8b55197b7203afe27c00668d1a5ab89d

HOTSPOT -You have a Microsoft 365 tenant named contoso.com that contains a group named ContosoUsers. All the users in contoso.com are members of ContosoUsers.You have two Windows 10 devices as shown in the following table. https://gyazo.com/f4938d1620e551d29790e226b710a58e Both Computer1 and Computer2 contain two apps named App1 and App2.You configure an app protection policy named AppPolicy1 that has the following settings:✑ Protected apps: App1✑ Assignments: ContosoUsers✑ Enrollment state: Without enrollment✑ Windows Information Protection mode: BlockFor each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/767707ded286b044a2e2b1e846c74ee1

https://gyazo.com/8e4b4b5bb4c982221f40e8b342adcf9a

HOTSPOT -You have a Microsoft 365 subscription.Users have iOS devices that are not enrolled in Microsoft 365 Device Management.You create an app protection policy for the Microsoft Outlook app as shown in the exhibit. (Click the Exhibit tab.) https://gyazo.com/87bbf19c6730cad6bd4e0300f8a561a8 You need to configure the policy to meet the following requirements:Prevent the users from using the Outlook app if the operating system version is less than 12.0.0.✑ Require the users to use an alphanumeric passcode to access the Outlook app.What should you configure in an app protection policy for each requirement? To answer, select the appropriate options in the answer area.NOTE:Each correct selection is worth one point.Hot Area: https://gyazo.com/3db986ba61c30d73b136b288d4d5f037

https://gyazo.com/903e456f42b32bdadb299233b2807799

HOTSPOT -Your company has computers that run Windows 10. The employees at the company use the computers.You plan to monitor the computers by using the Update Compliance solution.You create the required resources in Azure.You need to configure the computers to send enhanced Update Compliance data.Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/53fddab56076d61e6ece60fa540c1aee

https://gyazo.com/94d96ca5b91e6547560a64dfbd2d6d54

HOTSPOT -You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.You need to capture the event logs from the computers to Azure.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/5fb6b090774482adba608900230cb5be

https://gyazo.com/9d6bf4e8d0cc74ef0634de69c45fd22e

HOTSPOT -A company named A.Datum Corporation uses Microsoft Endpoint Configuration Manager, Microsoft Intune, and Desktop Analytics.A.Datum purchases a company named Contoso, Ltd. Contoso has devices that run the following operating systems:✑ Windows 8.1✑ Windows 10✑ Android✑ iOSA.Datum plans to use Desktop Analytics to monitor the Contoso devices.You need to identify which devices can be monitored by using Desktop Analytics and how to add the devices to Desktop Analytics.What should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/485be3a76c447db76a99f7eb6da42e98

https://gyazo.com/9d871d64ec213a0e945a12b155a90f50

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/18d35284213441847b44d4eb17b0b133 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/a7b60e98ca48acb2196843b0ab71a1e4 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionHOTSPOT -What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/8262a75dc412965f27fb958213fae13b

https://gyazo.com/a95f8c704d75189cb900585a9ae8904c

HOTSPOT -You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 10.You need to modify the deployment share to meet the following requirements:Ensure that the user who performs the installation is prompted to set the local Administrator password.✑ Define a rule for how to name computers during the deployment.The solution must NOT replace the existing WinPE image.Which file should you modify for each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/7382c5cb9a6d9e8e3db14a534b424461

https://gyazo.com/acc7182c993bd5b2cea9df4518a604a2

https://gyazo.com/ce82a5bf03607c17cf984899e8b04b91

https://gyazo.com/b01957f7101b316d14600fef9f04d6f8

HOTSPOT -You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to configure an Intune device configuration profile to meet the following requirements:✑ Prevent Microsoft Office applications from launching child processes.✑ Block users from transferring files over FTP.Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/eaabdb7a96216857783a85604d5577b7

https://gyazo.com/b25aa6298a690cf886109e08cb6cebfe

https://gyazo.com/0bca5376e1374f40f833f675dc1abf24

https://gyazo.com/b507524b4495d672d2d208bee1399a02

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/4c2e1c2c92d370084ebe2855d00d8dd4 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/43e9dcf8e1e248f7dab39b1a57cf0bd2 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionHOTSPOT -To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/3ef71a840cdd1d58132542e1b27ca243

https://gyazo.com/b5968950ceb91f002acdfab26048450a

DRAG DROP -Your company has a Microsoft 365 E5 tenant.All the devices of the company are enrolled in Microsoft Endpoint Manager.You need to create advanced reports by using custom queries and visualizations from raw Microsoft Endpoint Manager data.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/83c607700e7231df410a89636ff80ca7

https://gyazo.com/b6b0a459a8782dcaa35c485b84f67c5d

DRAG DROP -Your network contains an Active Directory domain.You install the Microsoft Deployment Toolkit (MDT) on a server.You have a custom image of Windows 10.You need to deploy the image to 100 devices by using MDT.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/7e9ce08a64c57a8874c0195b5385b447

https://gyazo.com/b948e16896a51673e69de1e1ae01a919

DRAG DROP -You have five computers that runs Windows 10.You need to create a provisioning package to configure the computers to meet the following requirements:✑ Run an interactive app.✑ Automatically sign in by using a local user account.✑ Prevent users from accessing the desktop and running other applications.Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

https://gyazo.com/b9b3f60abb6f2c14d5924ab115b2ab0c

You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.What should you do first? A. Create a selection profile B. Import an OS package C. Add a Validate task to the task sequence D. Add a Gather task to the task sequence

A. Create a selection profile

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (AD) and enrolled in Microsoft Intune.You need to enable self-service password reset on the sign-in screen.Which settings should you configure from the Microsoft Endpoint Manager admin center? A. Device configuration B. Device compliance C. Device enrollment D. Conditional access

A. Device configuration

Your company has a Microsoft 365 subscription.All the users in the finance department own personal devices that run iOS or Android. All the devices are enrolled in Microsoft Intune.The finance department adds new users each month.The company develops a mobile application named App1 for the finance department users.You need to ensure that only the finance department users can download App1.What should you do first? A. Add App1 to Intune. B. Add App1 to a Microsoft Deployment Toolkit (MDT) deployment share. C. Add App1 to Microsoft Store for Business. D. Add App1 to the vendor stores for iOS and Android applications.

A. Add App1 to Intune.

You enable controlled folder access in audit mode for several computers that run Windows 10.You need to review the events audited by controlled folder access.Which Event Viewer log should you view? A. Applications and Services\Microsoft\Windows\Windows Defender\Operational B. Windows\Security C. Applications and Services\Microsoft\Windows\Known Folders\Operational

A. Applications and Services\Microsoft\Windows\Windows Defender\Operational

https://gyazo.com/c27629a4481e5f8a02c8a1e895dbc55e You plan to perform an in-place upgrade to the 64-bit version of Windows 10.Which computers can you upgrade to the 64-bit version of Windows 10 in their current state? A. Computer2 and Computer4 only B. Computer4 only C. Computer3 and Computer4 only D. Computer1, Computer2, Computer3 and Computer4 E. Computer2, Computer3, and Computer4 only

A. Computer2 and Computer4 only

You manage your company's Microsoft 365 subscription.You are tasked with creating an app protection policy for the Microsoft Outlook app on iOS devices that are not enrolled in Microsoft 365 Device Management.You have to make sure that the policy is configured to prohibit the users from using the Outlook app if the operating system version is less than 12.0.0. You also have to make sure that an alphanumeric passcode is required for users to access the Outlook app.Which of the following is policy settings that you should configure? (Choose two.) A. Conditional launch B. Data transfer exemptions C. Data protection D. Access requirements

A. Conditional launch D. Access requirements

You have 10 computers that run Windows 8.1 and have the following configurations:✑ A single MBR disk✑ A disabled TPM chip✑ Disabled hardware virtualization✑ UEFI firmware running in BIOS mode✑ Enabled Data Execution Prevention (DEP)You plan to upgrade the computers to Windows 10.You need to ensure that the computers can use Secure Boot.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Convert the MBR disk to a GPT disk B. Enable the TPM chip. C. Disable DEP D. Enable hardware virtualization E. Convert the firmware from BIOS to UEFI.

A. Convert the MBR disk to a GPT disk E. Convert the firmware from BIOS to UEFI.

Your network contains an Active Directory named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the Desktop folder are redirected to a network share.User1 signs in to Computer1 and performs the following tasks:✑ Configures screen saver to start after five minutes of inactivity✑ Modifies the default save location for Microsoft Word✑ Creates a file named File1.docx on the desktop✑ Modifies the desktop backgroundWhat will be retained when User1 signs in to Computer2? A. File1.docx and the desktop background only B. File1.docx, the screen saver settings, the desktop background, and the default save location for Word C. File1.docx only D. File1.docx, the desktop background, and the default save location for Word only

A. File1.docx and the desktop background only

Your network contains an Active Directory domain. The domain contains 5,000 computers that run Windows 10.All users use Roaming User Profiles.Some users report that it takes a long time to sign in to the computers.You discover that the users have user profiles that are larger than 1 GB.You need to reduce the amount of time it takes for the users to sign in.What should you configure? A. Folder Redirection by using a Group Policy Object (GPO) B. Sync your settings in the Settings app C. Delivery Optimization in the Settings app D. Microsoft User Experience Virtualization (UE-V) by using PowerShell

A. Folder Redirection by using a Group Policy Object (GPO)

Your company uses Microsoft Intune to manage devices. You need to ensure that only Android devices that use Android work profiles can enroll in Intune.Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From Select platforms, set Android work profile to Allow. B. From Configure platforms, set Android Personally Owned to Block. C. From Configure platforms, set Android Personally Owned to Allow. D. From Select platforms, set Android to Block.

A. From Select platforms, set Android work profile to Allow. B. From Configure platforms, set Android Personally Owned to Block.

D. Computer1, Computer2, and Computer3

A. From Windows Features, turn on Microsoft Defender Application Guard.

You have 100 devices that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).You need to prevent users from joining their home computer to Azure AD.What should you do? A. From the Device enrollment blade in the Intune admin center, modify the Enrollment restriction settings. B. From the Devices blade in the Azure Active Directory admin center, modify the Device settings. C. From the Device enrollment blade in the Intune admin center, modify the Device enrollment manages settings. D. From the Mobility (MDM and MAM) blade in the Azure Active Directory admin center, modify the Microsoft Intune enrollment settings.

A. From the Device enrollment blade in the Intune admin center, modify the Enrollment restriction settings.

You have a Microsoft 365 subscription.You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers.What should you do? A. From the Endpoint Management admin center, add an app. B. From Microsoft Azure Active Directory (Azure AD), add an app registration. C. From Microsoft Azure Active Directory (Azure AD), add an enterprise application. D. From the Endpoint Management admin center, create a Windows 10 device profile.

A. From the Endpoint Management admin center, add an app.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.You create a terms of use (ToU) named Terms1 in contoso.com.You are creating a conditional access policy named Policy1 to assign a cloud app named App1 to the users in contoso.com.You need to configure Policy1 to require the users to accept Terms1.What should you configure in Policy1? A. Grant in the Access controls section B. Conditions in the Assignments section C. Cloud apps or actions in the Assignments section D. Session in the Access controls section

A. Grant in the Access controls section

You need to enable Microsoft Defender Credential Guard on computers that run Windows 10.What should you install on the computers? A. Hyper-V B. Microsoft Defender Application Guard C. a guarded host D. containers

A. Hyper-V

You have a Microsoft 365 tenant that uses Microsoft Intune.You use the Company Portal app to access and install published apps to enrolled devices.From the Microsoft Endpoint Manager admin center, you add a Microsoft Store app.Which two App information types are visible in the Company Portal?NOTE: Each correct selection is worth one point. A. Information URL B. Owner C. Privacy URL D. Developer

A. Information URL C. Privacy URL

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.Solution: You configure Enterprise State Roaming.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer named Computer1 that runs Windows 10.You save a provisioning package named Package1 to a folder named C:\Folder1.You need to apply Package1 to Computer1.Solution: From File Explorer, you go to C:\Folder1, and then you double-click the Package1.ppkg file.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer that runs Windows 8.1.Two days ago, you upgraded the computer to Windows 10.You need to downgrade the computer to Windows 8.1.Solution: From Windows Update in the Settings app, you use the Advanced options.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer that runs Windows 8.1.Two days ago, you upgraded the computer to Windows 10.You need to downgrade the computer to Windows 8.1.Solution: From the Settings app, you use the Recovery options.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer that runs Windows 8.1.Two days ago, you upgraded the computer to Windows 10.You need to downgrade the computer to Windows 8.1.Solution: You restart the computer to Windows Recovery Environment (Windows RE) and use the Advanced options.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices.From Microsoft Intune, you create a device configuration profile named Profile1.You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.Solution: You configure an applicability rule for Profile1. You assign Profile1 to Group1.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices.From Microsoft Intune, you create a device configuration profile named Profile1.You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.Solution: You create an Azure Active Directory group that contains only the Windows 10 Enterprise devices. You assign Profile1 to the new group.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to ensure that feature and quality updates install automatically on a Windows 10 computer during a maintenance window.Solution: In Group policy, from the Maintenance Scheduler settings, you configure Automatic Maintenance Activation Boundary.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.Contoso.com contains a user named [email protected] have a computer named Computer1 that runs Windows 8.1.You need to perform an in-place upgrade of Computer1 to Windows 10.Solution: From Windows 8.1, you run setup.exe from the Windows 10 installation media.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.Solution: From the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Endpoint Management admin center, you configure the Windows Hello for Business enrollment options.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has several Windows 10 devices that are enrolled in Microsoft Intune.You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.You need to enroll Computer1 in Intune.Solution: From Computer1, you sign in to https://portal.manage.microsoft.com and use the Devices tab.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has several Windows 10 devices that are enrolled in Microsoft Intune.You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.You need to enroll Computer1 in Intune.Solution: You install the Company Portal app on Computer1 and use the Devices tab from the app.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Update for Business.The research department has several computers that have specialized hardware and software installed.You need to prevent the video drivers from being updated automatically by using Windows Update.Solution: From the Device Installation settings in a Group Policy object (GPO), you enable Specify search order for device driver source locations, and then you select Do not search Windows Update.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Update for Business.The research department has several computers that have specialized hardware and software installed.You need to prevent the video drivers from being updated automatically by using Windows Update.Solution: From the Windows Update settings in a Group Policy object (GPO), you enable Do not include drivers with Windows Updates.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune.You need to identify which computers can be upgraded to Windows 10.Solution: You install the Microsoft Assessment and Planning Toolkit. From the Microsoft Assessment and Planning Toolkit, you collect inventory data and run theWindows 10 Readiness scenario.Does this meet the goal? A. Yes B. No

A. Yes

All users at your company have Azure AD joined Windows 10 workstations that are managed via Microsoft Intune.You have been tasked with making sure that Windows Analytics is used to monitor the workstations centrally.Which of the following actions should you take? A. You should create a device configuration profile via Intune. B. You should create a device compliance policy via Intune. C. You should create a Windows AutoPilot deployment profile via Intune. D. You should create an app configuration policy via Intune.

A. You should create a device configuration profile via Intune.

Your company has a large number of Windows 10 workstations that are managed via Microsoft Intune.Delivery Optimization is not being used for Windows updates at present.You want to make sure that Delivery Optimization is configured for all of the workstations.Which of the following actions should you take? A. You should create a device configuration profile via Intune. B. You should create a device compliance policy via Intune. C. You should create a Windows AutoPilot deployment profile via Intune. D. You should create a conditional access policy via Intune.

A. You should create a device configuration profile via Intune.

Question #34Topic 3 Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft Intune.You need to ensure that you can centrally monitor the computers by using Windows Analytics.What should you create in Intune? A. a device configuration profile B. a conditional access policy C. a device compliance policy D. an update policy

A. a device configuration profile

You have a Windows 10 device named Device1 that is joined to Active Directory and enrolled in Microsoft Intune.Device 1 is managed by using Group Policy and Intune.You need to ensure that the Intune settings override the Group Policy settings.What should you configure? A. a device configuration profile B. an MDM Security Baseline profile C. a device compliance policy D. a Group Policy Object (GPO)

A. a device configuration profile

Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune.Currently, Windows updates are downloaded without using Delivery Optimization.You need to configure the computers to use Delivery Optimization.What should you create in Intune? A. a device configuration profile B. a device compliance policy C. an app protection policy D. a Windows 10 update ring

A. a device configuration profile

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft Intune.You need to ensure that you can centrally monitor the computers by using the Update Compliance solution.What should you create in Intune? A. a device configuration profile B. a conditional access policy C. a device compliance policy D. an update policy

A. a device configuration profile

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 500 laptops that runWindows 8.1 Professional. The users of the laptops work from home.Your company uses Microsoft Intune, the Microsoft Deployment Toolkit (MDT), and Windows Configuration Designer to manage client computers.The company purchases 500 licenses for Windows 10 Enterprise.You verify that the hardware and applications on the laptops are compatible with Windows 10.The users will bring their laptop to the office, where the IT department will deploy Windows 10 to the laptops while the users wait.You need to recommend a deployment method for the laptops that will retain their installed applications. The solution must minimize how long it takes to perform the deployment.What should you include in the recommendation? A. an in-place upgrade B. a clean installation by using a Windows Configuration Designer provisioning package C. Windows AutoPilot D. a clean installation and the User State Migration Tool (USMT)

A. an in-place upgrade

You have computers that run Windows 10 and are joined to Azure Active Directory (Azure AD).All users sign in to the computers by using their Azure AD account.Enterprise State Roaming is enabled.From the Settings app, a user named User1 adds a Microsoft account.Which account will be used for the Synchronizing Windows setting? A. the work account only B. the Microsoft account only C. both the Microsoft account and the work account

A. the work account only

You have devices enrolled in Microsoft Intune as shown in the following table. https://gyazo.com/dd2f618c6a61b68c23653e58491388ef You create an app protection policy named Policy1 that has the following settings:✑ Platform: Windows 10✑ Protected apps: App1✑ Exempt apps: App2✑ Network boundary: Cloud resources, IPv4 rangesYou assign Policy1 to Group1 and Group2. You exclude Group3 from Policy1.Which devices will apply Policy1? A. Device1, Device2, Device4, and Device5 B. Device1, Device4, and Device5 only C. Device4 and Device5 only D. Device1, Device3, Device4 and Device5

C. Device4 and Device5 only

You have a computer named Computer5 that has Windows 10 installed.You create a Windows PowerShell script named config.ps1.You need to ensure that config.ps1 runs after feature updates are installed on Computer5.Which file should you modify on Computer5? A. Unattend.xml B. Unattend.bat C. SetupConfig.ini D. LiteTouch.wsf

C. SetupConfig.ini

You are replacing 100 company-owned Windows devices.You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following requirements:✑ Back up the user state.✑ Minimize administrative effort.Which task sequence template should you use? A. Litetouch OEM Task Sequence B. Sysprep and Capture C. Standard Client Replace Task Sequence D. Standard Client Task Sequence

C. Standard Client Replace Task Sequence

You have a Microsoft 365 tenant that contains the devices shown in the following table. https://gyazo.com/d9dbc4581bd909f982e8144ccc3b38f0 The devices are managed by using Microsoft Intune.You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.You discover that devices that are not members of Group1 are shown as Compliant.You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.What should you do? A. From Endpoint security, configure the Conditional access settings. B. From Device compliance, configure the Compliance policy settings. C. From Policy1, modify the actions for noncompliance. D. From Tenant administration, modify the Diagnostic settings.

B. From Device compliance, configure the Compliance policy settings.

Your company has a Microsoft 365 subscription.A new user named Admin1 is responsible for deploying Windows 10 to computers and joining the computers to Microsoft Azure Active Directory (Azure AD).Admin1 successfully joins computers to Azure AD.Several days later, Admin1 receives the following error message: `This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code (0x801c0003).`You need to ensure that Admin1 can join computers to Azure AD and follow the principle of least privilege.What should you do? A. Assign the Global administrator role to Admin1. B. Modify the Device settings in Azure AD. C. Assign the Cloud device administrator role to Admin1. D. Modify the User settings in Azure AD.

B. Modify the Device settings in Azure AD.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company Windows 10 computers that are enrolled in Microsoft Intune. You make use of Intune to manage the servicing channel settings of all company computers.You receive an enquiry regarding the servicing status of a specific computer.You need to review the necessary policy report.Solution: You navigate to device status via Device configuration.Does the solution meet the goal? A. Yes B. No

B. No

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription.After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devicesSolution: You should configure the Client apps settings.Does the solution meet the goal? A. Yes B. No

B. No

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription.After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devicesSolution: You should configure the Device platforms settings.Does the solution meet the goal? A. Yes B. No

B. No

You have an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains Windows 10 devices that are enrolled in Microsoft Intune.You create an Azure Log Analytics workspace and add the Update Compliance Solution to the workspace.You need to create a custom device configuration profile that will enroll the Windows 10 devices in Update Compliance.Which OMA-URI should you add to the profile? A. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push B. ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID C. ./Vendor/MSFT/DMClient/Provider/MS DM Server/ManagementServerAddressList D. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push/ChannelURI

B. ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.Solution: You make use of Windows Defender Antivirus.Does the solution meet the goal? A. Yes B. No

B. No

You install a feature update on a computer that runs Windows 10.How many days do you have to roll back the update? A. 5 B. 10 C. 14 D. 30

B. 10

You need to consider the underlined segment to establish whether it is accurate.After installing a feature update on a Windows 10 computer, you have 7 days to roll back the updateSelect `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required. B. 10 C. 90 D. 30

B. 10

You need to consider the underlined segment to establish whether it is accurate.You have recently created a provisioning package that uses Comp%RAND:1% as the device name.You will be able to successfully run the package on as much as 5 devices.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required B. 10 C. 15 D. 20

B. 10

You have a Microsoft Intune subscription.You have devices enrolled in Intune as shown in the following table. https://gyazo.com/3b9be5b61576951d26fedb77a3bbc369 An app named App1 is installed on each device.What is the minimum number of app configuration policies required to manage App1? A. 1 B. 2 C. 3 D. 4 E. 5

B. 2

You need to assign the same deployment profile to all the computers that are configured by using Windows Autopilot.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Join the computers to Microsoft Azure Active Directory (Azure AD) B. Assign a Windows Autopilot deployment profile to a group C. Join the computers to an on-premises Active Directory domain D. Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and uses the operatingSystem tag E. Create a Group Policy object (GPO) that is linked to a domain F. Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and uses the ZTDID tag

B. Assign a Windows Autopilot deployment profile to a group F. Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and uses the ZTDID tag

https://gyazo.com/523c2ba75ad61fb1ba3e5bd11059899f The target is set to Server1.You plan to use known folder redirection in Microsoft OneDrive for Business.You need to ensure that the desktop content of users remains on their desktop when you implement known folder redirection.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Clear the Grant the user exclusive rights to Desktop check box. B. Change the Policy Removal setting. C. Disable Folder Redirection. D. Clear the Move the contents of Desktop to the new location check box.

B. Change the Policy Removal setting. C. Disable Folder Redirection.

Your company has a System Center Configuration Manager deployment that uses hybrid mobile device management (MDM). All Windows 10 devices are ActiveDirectory domain-joined.You plan to migrate from hybrid MDM to Microsoft Intune standalone.You successfully run the Intune Data Importer tool.You need to complete the migration.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. In Intune, add a device enrollment manager (DEM). B. Change the tenant MDM authority to Intune. C. Assign all users Intune licenses. D. Create a new Intune tenant.

B. Change the tenant MDM authority to Intune. C. Assign all users Intune licenses.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.Solution: You make use of Windows Defender Application Guard.Does the solution meet the goal? A. Yes B. No

B. No

You manage a large number of Windows 10 computers.You have been tasked with creating a provisioning package that will allow you to remove the Microsoft News and the Xbox Microsoft Store apps, as well as add aVPN connection to the company network.Which of the following are the customization settings you should configure? A. Connections and Personalization B. ConnectivityProfiles and Policies C. Connections and Policies D. ConnectivityProfiles and Personalization

B. ConnectivityProfiles and Policies

You have a Microsoft 365 subscription.A remote user purchases a laptop from a retail store. The laptop is intended for company use and has Windows 10 Pro edition installed.You need to configure the laptop to meet the following requirements:✑ Modify the layout of the Start menu✑ Upgrade Windows 10 to Windows 10 Enterprise✑ Join the laptop to a Microsoft Azure Active Directory (Azure AD) domain named contoso.comThe solution must minimize how long it takes for the user to apply the configurations.What should you do? A. Create a custom Windows image (.wim) file that contains an image of Windows 10 Enterprise and upload the file to a Microsoft B. Create a provisioning package (.ppkg) file and email the file to the user C. Create a Windows To Go workspace and ship the workspace to the user D. Create a Sysprep Unattend (.xml) file and email the file to the user

B. Create a provisioning package (.ppkg) file and email the file to the user

You are creating a device configuration profile in Microsoft Intune.You need to configure specific OMA-URI settings in the profile.Which profile type should you use? A. Identity protection B. Custom C. Device restrictions (Windows 10 Team) D. Device restrictions

B. Custom

You are creating a device configuration profile in Microsoft Intune.You need to implement an ADMX-backed policy.Which profile type should you use? A. Identity protection B. Custom C. Device restrictions D. Device restrictions (Windows 10 Team)

B. Custom

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You redirect Windows known folders to Microsoft OneDrive for Business.Which folder will be included in the redirection? A. Saved Games B. Desktop C. Music D. Downloads

B. Desktop

You have an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to use Windows Autopilot to configure the Windows 10 devices shown in the following table. https://gyazo.com/a15c36d54f4d33c3ef625865f4777aa4 Which devices can be configured by using Windows Autopilot self-deploying mode? A. Device2 and Device3 only B. Device3 only C. Device2 only D. Device1, Device2, and Device3

B. Device3 only

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You redirect Windows known folders to Microsoft OneDrive for Business.Which folder will be included in the redirection? A. Saved Games B. Documents C. Music D. Downloads E. Favorites F. AppData G. Videos

B. Documents

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/b62245a1ce8caf91331c651b425e497f The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/0b94a9470dcbed98aacf6965435873bc Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionYou need to prepare for the deployment of the Phoenix office computers.What should you do first? A. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure Active Directory admin center. B. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune blade in the Azure portal. C. Extract the hardware ID information of each computer to an XML file and upload the file from the Devices settings in Microsoft Store for Business. D. Extract the serial number information of each computer to a CSV file and upload the file from the Microsoft Intune blade in the Azure portal.

B. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune blade in the Azure portal.

You have Windows 10 devices that are managed by using Microsoft Intune. Intune and the Microsoft Store for Business are integrated.You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices without user interaction.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Create an Azure Active Directory group that contains all users. B. From the Endpoint Manager admin center, create a Microsoft Store app for the Remote Desktop modern app. C. From the Endpoint Manager admin center, assign the app to the Azure Active Directory group. D. Create an Azure Active Directory group that contains the Windows 10 devices. E. From the Microsoft Store for Business portal, assign a license for the app to all the users in the Azure Active Directory group. F. For your organization, make the app available in the Microsoft Store for Business.

B. From the Endpoint Manager admin center, create a Microsoft Store app for the Remote Desktop modern app. C. From the Endpoint Manager admin center, assign the app to the Azure Active Directory group. D. Create an Azure Active Directory group that contains the Windows 10 devices.

You have a Microsoft 365 subscription.You need to deploy Microsoft 365 Apps for enterprise applications to Windows 10 devices.What should you do first? A. From Microsoft Azure Active Directory (Azure AD), create an app registration. B. From the Endpoint Manager admin center, create an app. C. From the Endpoint Manager admin center, create an app configuration policy. D. From the Endpoint Manager admin center, enable Microsoft Store for Business synchronization.

B. From the Endpoint Manager admin center, create an app.

Your company has an internal portal that uses a URL of http://contoso.com.The network contains computers that run Windows 10. The default browser on all the computers is Microsoft Edge.You need to ensure that all users only use Internet Explorer to connect to the internal portal. The solution must ensure that Microsoft Edge can be used to connect to all other websites.What should you do from each computer? A. From Internet Explorer, configure the Compatibility View settings B. From the local policy, configure Enterprise Mode C. From Microsoft Edge, configure the Advanced Site Settings D. From the Settings app, configure the default web browser settings

B. From the local policy, configure Enterprise Mode

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.General Overview -Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.Existing Environment -Current Business Model -The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.Litware has a Microsoft Endpoint Configuration Manager deployment.During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.Current Environment -The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain isWindows Server 2012 R2. All domain controllers run Windows Server 2012 R2.Litware has the computers shown in the following table. https://gyazo.com/261a1981408e33f34e9ff34345283f34 The development department uses projects in Azure DevOps to build applications.Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to a different contractor. Currently, the computers are re-provisioned manually by the IT department.Problem Statements -Litware identifies the following issues on the network:Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.Re-provisioning the sales department computers is too time consuming.Requirements -Business Goals -Litware plans to transition to co-management for all the company-owned Windows 10 computers.Whenever possible, Litware wants to minimize hardware and software costs.Device Management Requirements -Litware identifies the following device management requirements:Prevent the sales department employees from forwarding email that contains bank account information.Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.Technical Requirements -Litware identifies the following technical requirements for the planned deployment:Re-provision the sales department computers by using Windows AutoPilot.Ensure that the projects in Azure DevOps can be accessed from the corporate network only.Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.Exhibits -Updates - https://gyazo.com/da93f812975b79293883174feea4a73d QuestionYou need to capture the required information for the sales department computers to meet the technical requirements.Which Windows PowerShell command should you run first? A. Install-Module WindowsAutoPilotIntune B. Install-Script Get-WindowsAutoPilotInfo C. Import-AutoPilotCSV D. Get-WindowsAutoPilotInfo

B. Install-Script Get-WindowsAutoPilotInfo

https://gyazo.com/8905d07dbfaeb2071acd0f51de6b468d A. Remove Device1 and Device2 from Intune. B. Join Device2 to Azure AD. C. Add a Microsoft account to each device. D. Enroll Device3 in Intune.

B. Join Device2 to Azure AD.

You have 100 computers that run Windows 8.1.You need to create a report that will assess the Windows 10 readiness of the computers.What should you use? A. Windows Assessment and Deployment Kit (Windows ADK) B. Microsoft Assessment and Planning (MAP) Toolkit C. Windows Deployment Services (WDS) D. Microsoft Desktop Optimization Pack (MDOP)

B. Microsoft Assessment and Planning (MAP) Toolkit

You have computers that run Windows 10 and are managed by using Microsoft Intune.Users store their files in a folder named D:\Folder1.You need to ensure that only a trusted list of applications is granted write access to D:\Folder1.What should you configure in the device configuration profile? A. Microsoft Defender SmartScreen B. Microsoft Defender Exploit Guard C. Microsoft Defender Application Guard D. Microsoft Defender Application Control

B. Microsoft Defender Exploit Guard

Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.You need to prevent users and apps from accessing dangerous websites.What should you configure? A. Microsoft Defender Application Control B. Microsoft Defender Exploit Guard C. Microsoft Defender Application Guard D. Microsoft Defender Firewall

B. Microsoft Defender Exploit Guard

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.Solution: You make use of Windows Defender SmartScreen.Does the solution meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.Solution: You configure roaming user profiles.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer named Computer1 that runs Windows 10.You save a provisioning package named Package1 to a folder named C:\Folder1.You need to apply Package1 to Computer1.Solution: At a command prompt, you change the current folder to C:\Folder1, and then you run the RegSvr32.exe Package1.ppkg command.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer named Computer1 that runs Windows 10.You save a provisioning package named Package1 to a folder named C:\Folder1.You need to apply Package1 to Computer1.Solution: From the Settings app, you select Access work or school, and then you select Add or remove a provisioning package.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a computer that runs Windows 8.1.Two days ago, you upgraded the computer to Windows 10.You need to downgrade the computer to Windows 8.1.Solution: From View update history in the Settings app, you select Uninstall updates.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices.From Microsoft Intune, you create a device configuration profile named Profile1.You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.Solution: You create a scope tag, and then you add the scope tag to the Windows 10 Enterprise devices. You edit the settings of Profile1.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to ensure that feature and quality updates install automatically during a maintenance window.Solution: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 3 `" Auto download and notify for Install, and then enter a time.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to ensure that feature and quality updates install automatically on a Windows 10 computer during a maintenance window.Solution: In Group policy, from the Maintenance Scheduler settings, you configure Automatic Maintenance Random Delay.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to ensure that feature and quality updates install automatically on a Windows 10 computer during a maintenance window.Solution: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 4-Auto download and schedule the install, and then enter a time.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.Contoso.com contains a user named [email protected] have a computer named Computer1 that runs Windows 8.1.You need to perform an in-place upgrade of Computer1 to Windows 10.Solution: You assign a Windows 10 license to User1. You instruct User1 to sign in to Computer1.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.Solution: From the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Endpoint Management admin center, you create and assign a device restrictions profile.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.Solution: From the Azure Active Directory admin center, you configure the Authentication methods.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.Solution: From the Azure Active Directory admin center, you modify the User settings and the Device settings.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has several Windows 10 devices that are enrolled in Microsoft Intune.You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.You need to enroll Computer1 in Intune.Solution: From Computer1, you sign in to https://endpoint.microsoft.com and use the Windows enrollment blade.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has several Windows 10 devices that are enrolled in Microsoft Intune.You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.You need to enroll Computer1 in Intune.Solution: From the Settings app on Computer1, you use the Connect to work or school account settings.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Autopilot to configure the computer settings of computers issued to users.A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.You plan to transfer the computer to a user named User2.You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement.Solution: You create a new Windows Autopilot self-deploying deployment profile.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Autopilot to configure the computer settings of computers issued to users.A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.You plan to transfer the computer to a user named User2.You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement.Solution: You create a new Windows Autopilot user-driven deployment profile.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Autopilot to configure the computer settings of computers issued to users.A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.You plan to transfer the computer to a user named User2.You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement.Solution: You perform a remote Windows Autopilot Reset.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Autopilot to configure the computer settings of computers issued to users.A user named User1 has a computer named Computer1 that runs Windows 10.User1 leaves the company.You plan to transfer the computer to a user named User2.You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement.Solution: You perform a local Windows Autopilot Reset.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Update for Business.The research department has several computers that have specialized hardware and software installed.You need to prevent the video drivers from being updated automatically by using Windows Update.Solution: From the Device Installation and Restrictions settings in a Group Policy object (GPO), you enable Prevent installation of devices using drivers that match these device setup classes, and then you enter the device GUID.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company uses Windows Update for Business.The research department has several computers that have specialized hardware and software installed.You need to prevent the video drivers from being updated automatically by using Windows Update.Solution: From the Settings app, you clear the Give me updates for other Microsoft products when I update Windows check box.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune.You need to identify which computers can be upgraded to Windows 10.Solution: From Windows on the Devices blade of the Microsoft Endpoint Manager admin center, you create a filter and export the results as a CSV file.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune.You need to identify which computers can be upgraded to Windows 10.Solution: From the Microsoft Endpoint Manager admin center, you create a device compliance policy and assign the policy to the computers. After 24 hours, you view the Device compliance report in Intune.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune.You need to identify which computers can be upgraded to Windows 10.Solution: You install the Microsoft Assessment and Planning Toolkit. From the Microsoft Assessment and Planning Toolkit, you collect inventory data and run theWindows 8.1 Readiness scenario.Does this meet the goal? A. Yes B. No

B. No

Question #2Topic 1 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company Windows 10 computers that are enrolled in Microsoft Intune. You make use of Intune to manage the servicing channel settings of all company computers.You receive an enquiry regarding the servicing status of a specific computer.You need to review the necessary policy report.Solution: You navigate to the audit logs via Software updates.Does the solution meet the goal? A. Yes B. No

B. No

Question #39Topic 3 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and Windows 10 Pro devices.From Microsoft Intune, you create a device configuration profile named Profile1.You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.Solution: You create a scope tag, and then you add the scope tag to the Windows 10 Enterprise devices and Profile1.Does this meet the goal? A. Yes B. No

B. No

You have devices enrolled in Microsoft Intune as shown in the following table. https://gyazo.com/5e46466715ba2f5c5cca9e40ee5022e3 On which devices can you apply app configuration policies? A. Device1, Device2, Device3, and Device4 B. Device2 only C. Device3 and Device4 only D. Device1 and Device2 only E. Device2, Device3, and Device4 only

C. Device3 and Device4 only

You have a server that runs the Microsoft Deployment Toolkit (MDT). You have computers that run Windows 8.1 or Windows 10.You have a Microsoft 365 tenant. Microsoft 365 Enterprise E5 licenses are assigned to all users.You need to recommend a strategy to install Windows 10 on the Windows 8.1 computers. The installation must retain the user files, settings, and supported applications.What should you recommend? A. Refresh the Window 8.1 computers by using Windows 10 and use the User State Migration Tool (USMT). B. Perform an in-place upgrade of Windows 8.1 to Windows 10. C. Refresh the Window 8.1 computers by using Windows 10 and use Windows Autopilot white glove service to finalize the installation. D. Refresh the Window 8.1 computers by using Windows 10 and use Windows Autopilot user-driven mode.

B. Perform an in-place upgrade of Windows 8.1 to Windows 10.

Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in MicrosoftIntune.You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed as the Desktop background picture.Which of the following is a Device restriction setting that should be configured? A. Locked screen experience B. Personalization C. Display D. General

B. Personalization

You company has a Microsoft Azure Active Directory (Azure AD) tenant that includes Microsoft Intune. All of the Windows 10 devices are enrolled in Intune.You are preparing to configure a Windows Information Protection (WIP) policy:You need to make sure that the policy is configured to allow for the logging of unacceptable data sharing, but not blocking the action.Which of the following is the WIP protection mode that you should use? A. Block B. Silent C. Off D. Allow Overrides

B. Silent

You have computers that run Windows 10, are joined to Azure Active Directory (Azure AD), and are enrolled in Microsoft Intune.You have an Azure web app named App1. App1 only allows connections over HTTPS. App1 uses a certificate from an on-premises certification authority (CA).You need to ensure that the computers can connect to App1 from Microsoft Edge.Which type of device configuration profile should you create in Microsoft Endpoint Manager? A. trusted certificate B. Simple Certificate Enrollment Protocol (SCEP) certificate C. imported public key pair (PKCS) certificate D. public key pair (PKCS) certificate

B. Simple Certificate Enrollment Protocol (SCEP) certificate

You use Windows Admin Center to remotely administer computers that run Windows 10.When connecting to Windows Admin Center, you receive the message shown in the following exhibit. https://gyazo.com/6ab7b3a8f426a353eac0ccc5df70a93e You need to prevent the message from appearing when you connect to Windows Admin Center.To which certificate store should you import the certificate? A. Client Authentication Issuers B. Trusted Root Certification Authorities C. Personal

B. Trusted Root Certification Authorities

Your company has an Active Directory domain, named weylandindustries.com. The domain is synced to Microsoft Azure Active Directory (Azure AD) and all company computers have been enrolled in Microsoft Intune.You are preparing to perform a Wipe action on certain company devices.Which of the following operating systems support the Wipe action? Choose all that apply. A. Windows Vista B. Windows 8.1 C. Windows 10 D. iOS

B. Windows 8.1 C. Windows 10

You are currently making use of the Antimalware Assessment solution in Microsoft Azure Log Analytics.You have accessed the Protection Status dashboard and find that there is a device that is not reporting.Which of the following could be a reason for this occurring? A. Windows Defender System Guard is incorrectly configured. B. You need to install the Azure Diagnostic extension. C. Windows Defender Application Guard is incorrectly configured. D. The Microsoft Malicious Software Removal tool is installed.

B. You need to install the Azure Diagnostic extension.

Your company has a Microsoft 365 subscription.You have enrolled all the company computers in Microsoft Intune.You have been tasked with making sure that devices with a high Windows Defender Advanced Threat Protection (Windows Defender ATP) risk score are locked.Which of the following actions should you take? A. You should create a device configuration profile. B. You should create a device compliance policy. C. You should create a Windows AutoPilot deployment profile. D. You should create a conditional access policy.

B. You should create a device compliance policy.

You have a Microsoft 365 tenant that contains the devices shown in the following table. https://gyazo.com/b42343e348e880a46def4fc45dc2f18c You need to assign app protection settings to the devices.What is the minimum number of app protection policies required? A. 1 B. 2 C. 3 D. 4 E. 5

C. 3

You have a public computer named Public1 that runs Windows 10.Users use Public1 to browse the internet by using Microsoft Edge.You need to view events associated with website phishing attacks on Public1.Which Event Viewer log should you view? A. Applications and Services Logs > Microsoft\Windows > DeviceGuard > Operational B. Applications and Services Logs > Microsoft > Windows > Security-Mitigations > User Mode C. Applications and Services Logs > Microsoft > Windows > SmartScreen > Debug D. Applications and Services Logs > Microsoft > Windows > Microsoft Defender > Operational

C. Applications and Services Logs > Microsoft > Windows > SmartScreen > Debug

Your network contains an Active Directory domain named contoso.com. The domain contains computers that run Windows 10 and are joined to the domain.The domain is synced to Microsoft Azure Active Directory (Azure AD).You create an Azure Log Analytics workspace and deploy the Device Health solution.You need to enroll the computers in Windows Analytics.Which Group Policy setting should you configure? A. Specify intranet Microsoft update service location B. Allow Telemetry C. Configure the Commercial ID D. Connected User Experiences and Telemetry

C. Configure the Commercial ID

Your network contains an Active Directory domain named contoso.com. The domain contains computers that run Windows 10 and are joined to the domain.The domain is synced to Microsoft Azure Active Directory (Azure AD).You create an Azure Log Analytics workspace and deploy the Update Compliance solution.You need to enroll the computers in the Update Compliance solution.Which Group Policy setting should you configure? A. Specify intranet Microsoft update service location B. Allow Telemetry C. Configure the Commercial ID D. Connected User Experiences and Telemetry

C. Configure the Commercial ID

You have computers that run Windows 8.1 or Windows 10. All the computers are enrolled in Microsoft Intune, Endpoint Configuration Manager, and DesktopAnalytics. Co-management is enabled for your environment.You plan to upgrade the Windows 8.1 computers to Windows 10.You need to identify which Windows 8.1 computers do NOT have supported Windows 10 drivers.What should you use? A. the General Hardware Inventory report in Configuration Manager B. the List of devices in a specific device category report in Configuration Manager C. Deployment plans in Desktop Analytics D. the Device compliance report in Intune

C. Deployment plans in Desktop Analytics

Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).You have the Windows 10 devices shown in the following table. https://gyazo.com/2dd4741eea5c02ca8b4995759642899c You need to ensure that you can use co-management to manage all the Windows 10 devices.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Join Device 1, Device2, and Device4 to Azure AD. B. Unjoin Device3, Device5, and Device6 from Azure AD, and then register the devices in Azure AD. C. Enroll Device4 and Device5 in Intune. D. Join Device2, Device3, and Device5 to the domain. E. Install the Endpoint Configuration Manager agent on Device1 and Device3.

C. Enroll Device4 and Device5 in Intune. E. Install the Endpoint Configuration Manager agent on Device1 and Device3.

Your company has computers that run Windows 10. The company uses Microsoft Intune to manage the computers.You have an app protection policy for Microsoft Edge. You assign the policy to a group.On a computer named Computer1, you open Microsoft Edge.You need to verify whether Microsoft Edge on Computer1 is protected by the app protection policy.Which column should you add in Task Manager? A. Operating system context B. UAC virtualization C. Enterprise Context D. Data Execution Prevention

C. Enterprise Context

You have a Microsoft 365 subscription.You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.What should you use? A. Folder Redirection B. The Microsoft SharePoint Migration Tool C. Enterprise State Roaming D. Roaming user profiles

C. Enterprise State Roaming

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains two computers named Computer1 and Computer2. The computers runWindows 10 and are members of a group named GroupA.The tenant contains a user named User1 that is a member of a group named Group1.You need to ensure that if User1 changes the desktop background on Computer1, the new desktop background will appear when User1 signs in to Computer2.What should you do? A. Create a device configuration profile for Windows 10 and configure the Shared multi-user device settings. Assign the profile to Group1. B. Create a device configuration profile for Windows 10 and configure the Shared multi-user device settings. Assign the profile to GroupA. C. From the Azure Active Directory admin center, enable Enterprise State Roaming for Group1. D. From the Azure Active Directory admin center, enable Enterprise State Roaming for GroupA.

C. From the Azure Active Directory admin center, enable Enterprise State Roaming for Group1.

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/d8c1506a8ce02b5f2b37149b4982a841 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/b6657c98e80936f3ce08e0932412f32c Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionYou need to meet the technical requirements for the IT department.What should you do first? A. From the Azure Active Directory blade in the Azure portal, enable Seamless single sign-on. B. From the Configuration Manager console, add an Intune subscription. C. From the Azure Active Directory blade in the Azure portal, configure the Mobility (MDM and MAM) settings. D. From the Microsoft Intune blade in the Azure portal, configure the Windows enrollment settings.

C. From the Azure Active Directory blade in the Azure portal, configure the Mobility (MDM and MAM) settings.

You have a hybrid deployment of Azure Active Directory (Azure AD) that contains 50 Windows 10 devices. All the devices are enrolled in Microsoft EndpointManager.You discover that Group Policy settings override the settings configured in Microsoft Endpoint Manager policies.You need to ensure that the settings configured in Microsoft Endpoint Manager override the Group Policy settings.What should you do? A. From the Microsoft Endpoint Manager admin center, create an Administrative Templates device profile B. From Group Policy Management Editor, configure the Computer Configuration settings in the Default Domain Policy C. From the Microsoft Endpoint Manager admin center, create a custom device profile D. From Group Policy Management Editor, configure the User Configuration settings in the Default Domain Policy

C. From the Microsoft Endpoint Manager admin center, create a custom device profile

Your network contains an Active Directory domain. The domain contains 10 computers that run Windows 8.1 and use local user profiles.You deploy 10 new computers that run Windows 10 and join the computers to the domain.You need to migrate the user profiles from the Windows 8.1 computers to the Windows 10 computers.What should you do? A. From the Windows 8.1 computer of each user, run imagex.exe/capture, and then from the Windows 10 computer of each user, run imagex.exe/apply. B. Configure roaming user profiles for the users. Instruct the users to first sign in to and out of their Windows 8.1 computer and then to sign in to their Windows 10 computer. C. From the Windows 8.1 computer of each user, run scanstate.exe, and then from the Windows 10 computer of each user, run loadstate.exe. D. Configure Folder Redirection for the users. Instruct the users to first sign in to and out of their Windows 8.1 computer, and then to sign in to their Windows 10 computer.

C. From the Windows 8.1 computer of each user, run scanstate.exe, and then from the Windows 10 computer of each user, run loadstate.exe.

https://gyazo.com/560e651830bc9f6da4a3e4849cd271d7

C. Install the root certificate

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.All users use Roaming User Profiles.You have a user named Public1 that is used to sign-in to a public computer.You need to prevent changes to the user settings of Public1 from being saved to the user profile.What should you do? A. Rename the Roaming User Profile folder to Public1.man B. Rename Ntuser.dat to Ntuser.v6 C. Rename Ntuser.dat to Ntuser.man D. Rename the Roaming User Profile folder to Public1.v1

C. Rename Ntuser.dat to Ntuser.man

You have 500 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You plan to distribute certificates to the computers by using Simple Certificate Enrollment Protocol (SCEP).You have the servers shown in the following table. https://gyazo.com/8b51467dbe595abb6ceecfeca62baaab NDES issues certificates from the subordinate CA.You are configuring a device profile as shown in the exhibit. (Click the Exhibit tab.)You need to complete the SCEP profile. https://gyazo.com/84e5e9682d19726b1f7910a64f94b771 On which server is the required root certificate located? A. Server1 B. Server2 C. Server3 D. Server4

C. Server3

Your company's environment includes the following:✑ Microsoft Azure Active Directory (Azure AD)✑ Microsoft 365✑ Microsoft Intune✑ Azure Information Protection.A new security policy declares that enrollment for private devices in Intune is not required. However, to access corporate email information, users have to make use of a PIN for authentication purposes. Also, users are able to access corporate cloud services from their private iOS and Android devices. Furthermore, the copying corporate email information to a cloud storage service should not be allowed, unless users are copying the information to Microsoft OneDrive forBusiness.You have to make sure that security policy is enforced.Which of the following actions should you take? A. You should create a data loss prevention (DLP) policy. B. You should create a device enrollment policy. C. You should create an app protection policy. D. You should create a Windows AutoPilot deployment profile.

C. You should create an app protection policy

You are responsible for your company's Microsoft 365 environment, with co-management enabled.All company computers have been deployed via Microsoft Deployment Toolkit (MDT), and have Windows 10 installed.You have been tasked devising a strategy for deploying Microsoft Office 365 ProPlus to new computers. You have to make sure that most recent version is installed at all times, while also reducing the effort required to meet the prerequisites.Which of the following actions should you take? A. You should make use of Windows Deployment Services (WDS). B. You should make use of the Microsoft Deployment Toolkit C. You should make use of the Office Deployment Tool (ODT). D. You should make use of a Windows Configuration Designer provisioning packag

C. You should make use of the Office Deployment Tool (ODT).

Your company standardizes on Windows 10 Enterprise for all users.Some users purchase their own computer from a retail store. The computers run Windows 10 Pro.You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Microsoft Azure Active Directory (Azure AD), and install several Microsoft Store apps. The solution must meet the following requirements:✑ Ensure that any applications installed by the users are retained.✑ Minimize user intervention.What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. Microsoft Deployment ToolKit (MDT) B. Windows Deployment Services (WDS) C. a Windows Configuration Designer provisioning package D. Windows AutoPilot

C. a Windows Configuration Designer provisioning package

You have a Microsoft 365 subscription. All devices run Windows 10.You need to prevent users from enrolling the devices in the Windows Insider Program.What two configurations should you perform from the Endpoint Management admin center? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. a Windows 10 security baseline B. an app configuration policy C. a custom device configuration profile D. a Windows 10 update ring E. a device restrictions device configuration profile

C. a custom device configuration profile D. a Windows 10 update ring

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).The Active Directory domain contains 200 computers that run Windows 10. The computers are managed by using Microsoft System Center ConfigurationManager (Current Branch).You need to pilot co-management for only five of the computers.What should you create first? A. a domain local distribution group in Active Directory B. an Intune Connector for Active Directory C. a device collection in Endpoint Configuration Manager D. a dynamic device group in Azure AD

C. a device collection in Endpoint Configuration Manager

You need to consider the underlined segment to establish whether it is accurate.To enable Windows Defender Credential Guard on Windows 10 computers, the computers must have Hyper-V installed.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.What should you install on the computers? A. No adjustment required. B. Windows Defender Smartscreen C. a virtual machine D. a container cluster

C. a virtual machine

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).Existing on-premises computers are managed by using Microsoft Endpoint Configuration Manager. You configure contoso.com for co-management.You deploy 100 new devices that run Windows 10. The devices are joined to Azure AD and enrolled in Microsoft Intune.You need to ensure that the devices are co-managed.What should you create in Intune first? A. a conditional access policy B. a device compliance policy C. an app for the Endpoint Configuration Manager client D. a device configuration profile E. an app configuration policy

C. an app for the Endpoint Configuration Manager client

Your company implements Microsoft Azure Active Directory (Azure AD), Microsoft 365, Microsoft Intune, and Azure Information Protection.The company's security policy states the following:✑ Personal devices do not need to be enrolled in Intune.✑ Users must authenticate by using a PIN before they can access corporate email data.✑ Users can use their personal iOS and Android devices to access corporate cloud services.✑ Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.You need to configure a solution to enforce the security policy.What should you create? A. a data loss prevention (DLP) policy from the Microsoft 365 Compliance admin center B. an insider risk management policy from the Microsoft 365 Compliance admin center C. an app protection policy from the Endpoint Management admin center D. a device configuration profile from the Endpoint Management admin center

C. an app protection policy from the Endpoint Management admin center

Your network contains an Active Directory forest. The forest contains a single domain and three sites named Site1, Site2, and Site3. Each site is associated to two subnets. Site1 contains two subnets named SubnetA and SubnetB.All the client computers in the forest run Windows 10. Delivery Optimization is enabled.You have a computer named Computer1 that is in SubnetA.From which hosts will Computer1 download updates? A. the computers in Site1 only B. any computer in the domain C. the computers in SubnetA only D. any computer on the network

C. the computers in SubnetA only

Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.What should you use? A. An Autodiscover address record. B. A Windows AutoPilot deployment profile. C. An Autodiscover service connection point (SCP). D. A Group Policy object (GPO).

D. A Group Policy object (GPO)

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/b8345201c548b3a65aae6cab59c8f679 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/27b8f39491923617a26750da491656a5 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionYou need to meet the technical requirements for the iOS devices.Which object should you create in Intune? A. A compliance policy B. An app protection policy C. A deployment profile D. A device configuration profile

D. A device configuration profile

You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to upgrade the computers to Windows 10 Enterprise.What should you configure in Intune? A. A device enrollment policy B. A device cleanup rule C. A device compliance policy D. A device configuration profile

D. A device configuration profile

You need to consider the underlined segment to establish whether it is accurate.Your company has Microsoft Azure Active Directory (Azure AD) joined Windows 10 Pro computers that have been enrolled in Microsoft Intune.You have been tasked with making sure that the computers are upgraded to Windows 10 Enterprise.You start by configuring a device enrollment policy in Intune.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.What should you configure in Intune? A. No adjustment required B. an app protection policy C. a Windows AutoPilot deployment profile D. A device configuration profile

D. A device configuration profile

You need to consider the underlined segment to establish whether it is accurate.To enable sideload a LOB application in Windows 10, you should run the Install-Package cmdlet.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required. B. Install-PackageProvider C. Save-Package D. Add-AppxPackage

D. Add-AppxPackage

Your company has a Microsoft Azure Active Directory (Azure AD) tenant. All users in the company are licensed for Microsoft Intune.You need to ensure that the users enroll their iOS device in Intune.What should you configure first? A. A Device Enrollment Program (DEP) token. B. An Intune device configuration profile. C. A Device enrollment manager (DEM) account. D. An Apple MDM Push certificate.

D. An Apple MDM Push certificate.

Your company has a main office and six branch offices. The branch offices connect to the main office by using a WAN link. All offices have a local Internet connection and a Hyper-V host cluster.The company has a Microsoft Endpoint Configuration Manager deployment. The main office is the primary site. Each branch office has a distribution point.All computers that run Windows 10 are managed by using both Configuration Manager and Microsoft Intune.You plan to deploy the latest build of Microsoft Office 365 ProPlus to all the computers.You need to minimize the amount of network traffic on the company's Internet links for the planned deployment.What should you include in the deployment plan? A. From Intune, configure app assignments for the Office 365 ProPlus suite. In each office, copy the Office 365 distribution files to a Microsoft Deployment Toolkit (MDT) deployment share. B. From Intune, configure app assignments for the Office 365 ProPlus suite. In each office, copy the Office 365 distribution files to a Configuration Manager distribution point. C. From Endpoint Configuration Manager, create an application deployment. Copy the Office 365 distribution files to a Configuration Manager cloud distribution point. D. From Endpoint Configuration Manager, create an application deployment. In each office, copy the Office 365 distribution files to a Configuration Manager distribution point.

D. From Endpoint Configuration Manager, create an application deployment. In each office, copy the Office 365 distribution files to a Configuration Manager distribution point.

You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune.You need to review the servicing status of a computer.What should you do? A. From Device configuration - Profiles, view the device status. B. From Device compliance, view the device compliance. C. From Software updates, view the audit logs. D. From Software updates, view the Per update ring deployment state.

D. From Software updates, view the Per update ring deployment state.

You have a Microsoft 365 tenant that contains the objects shown in the following table. https://gyazo.com/1185e6a7e296a01ab07f9652263fd29d You are creating a compliance policy named Compliance1.Which objects can you specify in Compliance1 as additional recipients of noncompliance notifications? A. Group1, Group2, Group3, Group4, and Admin1 B. Group1, Group2, Group3, and Group4 only C. Group3, Group4, and Admin1 only D. Group1, Group2, and Group3 only E. Group3 and Group4 only

D. Group1, Group2, and Group3 only

You have a Microsoft 365 tenant that contains the objects shown in the following table. https://gyazo.com/b46337bd8b555e5a5e6b2fca28c8d610 In the Microsoft Endpoint Manager admin center, you are creating a Microsoft 365 Apps app named App1.To which objects can you assign App1? A. Admin1, Group3, and Group4 only B. Group1, Group2, Group3, and Group4 only C. Admin1, Group1, Group2, Group3, and Group4 D. Group1, Group3, and Group4 only E. Group3 and Group4 only

D. Group1, Group3, and Group4 only

Your company uses Microsoft Intune.More than 500 Android and iOS devices are enrolled in the Intune tenant.You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.You need to ensure that the policies can target the devices based on their version of Android or iOS.What should you configure first? A. Corporate device identifiers in Intune B. Device settings in Microsoft Azure Active Directory (Azure AD) C. Device categories in Intune D. Groups that have dynamic membership rules in Microsoft Azure Active Directory (Azure AD)

D. Groups that have dynamic membership rules in Microsoft Azure Active Directory (Azure AD)

You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace.You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.You need to ensure that you can use Log Analytics to query events from Computer1.What should you do on Computer1? A. Configure the commercial ID B. Join Azure Active Directory (Azure AD) C. Create an event subscription D. Install the Microsoft Monitoring Agent

D. Install the Microsoft Monitoring Agent

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to ensure that only applications that you explicitly allow can run on the computers.What should you use? A. Microsoft Defender Credential Guard B. Microsoft Defender Exploit Guard C. Microsoft Defender Application Guard D. Microsoft Defender Application Control

D. Microsoft Defender Application Control

You use Microsoft Defender for Endpoint to protect computers that run Windows 10.You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline.Which tool should you use? A. Microsoft Defender Security Center B. Desktop Analytics C. Microsoft Defender for Endpoint Power BI app D. Microsoft Secure Score

D. Microsoft Secure Score

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has anAll Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.Contoso has a Microsoft 365 E5 subscription.Environment -Network Environment -The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table. https://gyazo.com/fe69ea2115c3d18ef1ed30fa67fb30d2 https://gyazo.com/36ee150494a2720974b04fa4eb4605db https://gyazo.com/6fc6225809ae8359a03f1213d8b3812e The Automatic Enrollment settings have the following configurations:MDM user scope: GroupAMAM user scope: GroupBYou have an Endpoint protection configuration profile that has the following Controlled folder access settings:Name: Protection1Folder protection: EnableList of apps that have access to protected folders: C:\*\AppA.exeList of additional folders that need to be protected: D:\Folder1Assignments:- Included groups: Group2, GroupBWindows Autopilot Configuration -Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.v https://gyazo.com/c3d9bf84ec577a738a76ef595788b496 Currently, there are no devices deployed by using Window Autopilot.The Intune connector for Active Directory is installed on Server1.Requirements -Planned Changes -Contoso plans to implement the following changes:Purchase a new Windows 10 device named Device6 and enroll the device in Intune.New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.Deploy a network boundary configuration profile that will have the following settings:- Name: Boundary1- Network boundary: 192.168.1.0/24- Scope tags: Tag1- Assignments:- - Included groups: Group1, Group2Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:- Name: Connection1- Connection name: VPN1- Connection type: L2TP- Assignments:- - Included groups: Group1, Group2, GroupA- - Excluded groups: --- Name: Connection2- Connection name: VPN2- Connection type: IKEv2- Assignments:- - Included groups: GroupA- - Excluded groups: GroupBPurchase an app named App1 that is available in Microsoft Store for Business and to assign the app to all the users.Technical Requirements -Contoso must meet the following technical requirements:Users in GroupA must be able to deploy new computers.Administrative effort must be minimized.QuestionWhich users can purchase and assign App1? A. User3 only B. User1 and User3 only C. User1, User2, User3, and User4 D. User1, User3, and User4 only E. User3 and User4 only

D. User1, User3, and User4 only

You use Microsoft Intune to manage client computers. The computers run one of the following operating systems:✑ Windows 8.1✑ Windows 10 Pro✑ Windows 10 Enterprise✑ Windows 10 Enterprise LTSCYou plan to manage Windows updates on the computers by using update rings.Which operating systems support update rings? A. Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Enterprise LTSC only B. Windows 8.1, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Enterprise LTSC C. Windows 10 Enterprise and Windows 10 Enterprise LTSC only D. Windows 10 Pro and Windows 10 Enterprise only

D. Windows 10 Pro and Windows 10 Enterprise only

You have following types of devices enrolled in Microsoft Intune:✑ Windows 10✑ Android✑ iOSFor which types of devices can you create VPN profiles in Microsoft Endpoint Manager? A. Windows 10 only B. Windows 10 and Android only C. Windows 10 and iOS only D. Windows 10, Android, and iOS E. Android and iOS only

D. Windows 10, Android, and iOS

Your company has a Microsoft 365 subscription configured for their environment. All devices in the environment have Windows 10 installed.You have been instructed to make sure that users are not allowed to enroll devices in the Windows Insider Program.To achieve your goal, you access Microsoft 365 Device Management.Which of the following actions should you take? A. You should configure a Windows 10 security baseline. B. You should configure an app protection policy. C. You should configure device restriction policy. D. You should configure a Windows 10 update ring.

D. You should configure a Windows 10 update ring.

Your company has a Microsoft 365 subscription.You have enrolled all the company computers in Microsoft Intune.You have been tasked with making sure that Microsoft Exchange Online is only accessible from known locations.Which of the following actions should you take? A. You should create a device configuration profile. B. You should create a device compliance policy. C. You should create a Windows AutoPilot deployment profile. D. You should create a conditional access policy.

D. You should create a conditional access policy.

You have a Microsoft 365 subscription.You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group name Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit. (Click the Exhibit tab.) https://gyazo.com/b7837e2b9fe64a192dbe6ac1a7658d4c You create a compliance policy.You need to ensure that the users are authenticated only if they are using a compliant device.What should you configure in the conditional access policy? A. a condition B. a session control C. a cloud app D. a grant control

D. a grant control

You need to consider the underlined segment to establish whether it is accurate.Your company's Microsoft Azure subscription includes an Azure Log Analytics workspace.After deploying a new Windows 10 computer, which belongs to a workgroup, you are tasked with making sure that you are able to utilize Log Analytics to query events from the new computer.You configure the new computer's commercial ID.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.What should you do on Computer1? A. No adjustment required. B. install the Azure Diagnostic extension on the new computer C. install the Dependency agent on the new computer D. install the Microsoft Monitoring Agent on the new computer

D. install the Microsoft Monitoring Agent on the new computer

You have the Microsoft Deployment Toolkit (MDT) installed.You install and customize Windows 10 on a reference computer.You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.Which command should you run before you capture the image? A. dism B. wpeinit C. bcdedit D. sysprep

D. sysprep

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains computers that runWindows 10. The computers are enrolled in Microsoft Intune and Windows Analytics.Your company protects documents by using Windows Information Protection (WIP).You need to identify non-approved apps that attempt to open corporate documents.What should you use? A. the Device Health solution in Windows Analytics B. Microsoft Cloud App Security C. Intune Data Warehouse D. the App protection status report in Intune

D. the App protection status report in Intune

You have a Microsoft Intune subscription associated to an Azure Active Directory (Azure AD) tenant named contoso.com.Users use one of the following three suffixes when they sign in to the tenant: us.contoso.com, eu.contoso.com, or contoso.com.You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes.Which DNS records do you need? A. three TXT records B. one CNAME record only C. one TXT record only D. three CNAME records

D. three CNAME records

https://gyazo.com/72045cea550d48e8b85f385686413120 What is the maximum number of devices on which you can run Package1 successfully? A. 1 B. 10 C. 25 D. unlimited

D. unlimited

HOTSPOT -You have unrooted devices enrolled in Microsoft Intune as shown in the following table. https://gyazo.com/8d497d197b41bc9c1602490160835fc1 The devices are members of a group named Group1.In Intune, you create a device compliance location that has the following configurations:✑ Name: Network1✑ IPv4 range: 192.168.0.0/16In Intune, you create a device compliance policy for the Android platform. The policy has following configurations:✑ Name: Policy1✑ Device health: Rooted devices: Block✑ Locations: Location: Network1✑ Mark device noncompliant: Immediately✑ Assigned: Group1In Intune device compliance policy has the following configurations:✑ Mark devices with no compliance policy assigned as: Compliant✑ Enhanced jailbreak detection: Enabled✑ Compliance status validity period (days): 20For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/f2d46ad6543d4c3cae3b8f5c5dfdeb27

https://gyazo.com/414656eb1557947c2c2c37cfe90e9ea0

https://gyazo.com/30f275259143876ca9f6b591e0a7d316

https://gyazo.com/47164070005e1a79789fd5305844c4f8

HOTSPOT -You have computers that run Windows 10 as shown in the following table. https://gyazo.com/8f14b02c41fee8e9afc57d02ba29d1a7 Computer2 and Computer3 are enrolled in Microsoft Intune.In a Group Policy object (GPO) linked to the domain, you enable the Computer Configuration/Administrative Templates/Windows Components/Search/AllowCortana setting.In an Intune device configuration profile that is assigned to an Azure Active Directory group that includes Computer2 and Computer3, you configure the following:✑ Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP to a value of 1✑ Experience/AllowCortana to a value of 0.Each of the following statement, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/c14f3bc2409e15405a51f02a0162dcba

https://gyazo.com/4adbcf95a0322b9dbd6b92aff74b37df

https://gyazo.com/4d97e261e5527a93444c49fe932c2221 User1 signs in to Computer1, creates the following files, and then signs out:✑ File1.docx in C:\Users\User1\Desktop✑ File2.docx in C:\Users\Public\Public Desktop✑ File3.docx in C:\Users\Default\ DesktopUser3 then signs in to Computer1 and creates a file named File4.docx in C:\Users\User3\Desktop.User2 has never signed in to Computer1.How many DOCX files will appear on the desktop of each user the next time each user signs in? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/1c042d69ad2979379795563e24cb44c4

https://gyazo.com/4be889fc0ffb0fc9664d747528dfacbe

DRAG DROP -You use the Antimalware Assessment solution in Microsoft Azure Log Analytics.From the Protection Status dashboard, you discover the computers shown in the following table. https://gyazo.com/63a2f46006bad98ab4b8744478b99ac6 You verify that both computers are connected to the network and running.What is a possible cause of the issue on each computer? To answer, drag the appropriate causes to the correct computers. Each cause may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place https://gyazo.com/8ec91e1dc8519f6936b848cd959c2911

https://gyazo.com/4f41cac8ea05ae540791f11db5bb1c52

HOTSPOT -Your network contains an Active Directory domain. The domain contains computers that are managed by using Microsoft Endpoint Configuration Manager.You plan to integrate Configuration Manager and Azure as part of a Desktop Analytics implementation.You create a new organizational unit (OU) and place several test computers that run Windows 10 into the OU.You need to collect diagnostic data from the test computers to Desktop Analytics.✑ App usage and insights data✑ Health monitoring data✑ Deployment status dataThe solution must minimize the data collected.Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/fd763714f676d31a9048d09359e01424

https://gyazo.com/4fc014588968aa63357da7cb08d2255e

HOTSPOT -Your network contains an Active Directory domain. The domain contains 1,200 computers that run Windows 8.1.You deploy an Upgrade Readiness solution in Microsoft Azure and configure the computers to report to Upgrade Readiness.From Upgrade Readiness, you open a table view of the applications.You need to filter the view to show only applications that can run successfully on Windows 10.How should you configure the filter in Upgrade Readiness? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/05cbe5d82c0b606de8e7aedfd41f785c

https://gyazo.com/50dac506c45c862fec19eb6452313815

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/d58b81b82c5e9796399cdb3c40b6f583 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/91a0d9ff0551018512cfc1cfbe04ea95 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionDRAG DROP -You need to meet the technical requirements for the LEG department computers.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/859ca76e58d008d81be360fac4d68243

https://gyazo.com/569b4f5cb64e6497bf07632f086c0fab

HOTSPOT -You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All Windows 10 devices have apps named App1, App2 and App3 installed and are enrolled in Microsoft Intune.You configure the following settings in Windows Information Protection (WIP):✑ Protected apps: App1✑ Exempt apps: App2✑ Windows Information Protection mode: SilentApp1, App2, and App3 use the same file format.You create a file named File1 in App1.You need to identify which apps can open File1.What apps should you identify? To answer, select the appropriate options in the answer area,NOTE: Each correct selection is worth one point.Hot Area:

https://gyazo.com/58497f599558925c62d95adc762478fb

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.General Overview -Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.Existing Environment -Current Business Model -The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.Litware has a Microsoft Endpoint Configuration Manager deployment.During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.Current Environment -The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain isWindows Server 2012 R2. All domain controllers run Windows Server 2012 R2.Litware has the computers shown in the following table. https://gyazo.com/d4261598c529ba0075dbad1c914a79d7 The development department uses projects in Azure DevOps to build applications.Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to a different contractor. Currently, the computers are re-provisioned manually by the IT department.Problem Statements -Litware identifies the following issues on the network:Employees in sales department computers is too time the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.Re-provisioning theconsuming.Requirements -Business Goals -Litware plans to transition to co-management for all the company-owned Windows 10 computers. Whenever possible, Litware wants to minimize hardware and software costs.Device Management Requirements -Litware identifies the following device management requirements:Prevent the sales department employees from forwarding email that contains bank account information.Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.Technical Requirements -Litware identifies the following technical requirements for the planned deployment:Re-provision the sales department computers by using Windows AutoPilot.Ensure that the projects in Azure DevOps can be accessed from the corporate network only.Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.Exhibits -Updates - https://gyazo.com/5784cf08549ff7354d76395c4a868622 QuestionHOTSPOT -You need to recommend a solution to meet the device management requirements.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/563c894f003cfad632b01542a992b6ac

https://gyazo.com/59932f87d71571e75fc7b8debacbbf0d

HOTSPOT -Your network contains an on-premises Active Directory forest named contoso.com. The forest contains a user named User1 and two computers namedComputer1 and Computer2 that run Windows 10.User1 is configured as shown in the following exhibit. https://gyazo.com/335f8501554a3fb350d5866a8c2e2942 You rename file \\Server1\Profiles\User1.V6\NTUSER.DAT as NTUSER.MAN.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/269282011f4dad5c2e0dbf011eef1454

https://gyazo.com/5a088da6083ea70d1941c0167b94661b

DRAG DROP -You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.You import a Windows 10 image to DS1.You have an executable installer for an application named App1.You need to ensure that App1 will be installed for all the task sequences that deploy the image.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:

https://gyazo.com/5cae2f091448c1d68035797e0b36c514

DRAG DROP -Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). All computers are joined to the domain and registered to Azure AD.The network contains a Microsoft Endpoint Configuration Manager deployment that is configured for co-management with Microsoft Intune.All the computers in the finance department are managed by using Endpoint Configuration Manager. All the computers in the marketing department are managed by using Intune.You install new computers for the users in the marketing department by using the Microsoft Deployment Toolkit (MDT).You purchase an application named App1 that uses an MSI package.You need to install App1 on the finance department computers and the marketing department computers.How should you deploy App1 to each department? To answer, drag the appropriate deployment methods to the correct departments. Each deployment method may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place: https://gyazo.com/cc6a1e083b80bcde656ee0b9e2ace1ea

https://gyazo.com/be921f28dae288cc67063be3760c94d4

HOTSPOT -Your network contains an Active Directory domain. The domain contains the computers shown in the following table. https://gyazo.com/ef8a380d0ba3b93c35804bbdf0c56fcd Microsoft Defender Application Guard is installed on the computers.Application Guard Group Policy settings are applied to the computers as shown in the following table. https://gyazo.com/7e5887dfd758f5d17abf21cc7562e378 For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/dc4012d77888f0a0cb377283d3ba019e

https://gyazo.com/c453ff38f15c3d4481b2d811a5cf9784

HOTSPOT -Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains Windows 10 devices that are managed by using Microsoft Endpoint Configuration Manager.You plan to deploy Microsoft 365 Apps for enterprise to the devices by using Configuration Manager.You create a Configuration.xml file as shown in the following exhibit. https://gyazo.com/c1e26366850cfc8dc3f7e4c0de7ff335 Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/369b28b9eaed77ca519bb4090f26450b

https://gyazo.com/cb0f19df360393664e99a7af6faa5d30

HOTSPOT -Your company has an infrastructure that has the following:✑ A Microsoft 365 tenant✑ An Active Directory forest✑ Microsoft Intune✑ A Key Management Service (KMS) server✑ A Windows Deployment Services (WDS) serverA Microsoft Azure Active Directory (Azure AD) Premium tenantThe company purchases 100 new computers that run Windows 10.You need to ensure that the new computers are joined automatically to Azure AD by using Windows Autopilot.What should you use? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/943d643460427399702b99cac36c6dbd

https://gyazo.com/cc2bfd84813f4981f254a6dd23905277

HOTSPOT -You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to set a custom image as the wallpaper and sign-in screen.Which two settings should you configure in Device restrictions? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/143765e4c121ad3412ded0014e052aaf

https://gyazo.com/cda6def5777533228ccc6332a3fba8e5

https://gyazo.com/18727e288ac6ae80e8734e2e1e66c88c

https://gyazo.com/d62e59fe05e56b190e9b3179fb4938c0

https://gyazo.com/315fc00d63ebe82dcf5c52e5456749e8

https://gyazo.com/d6b7d2478c3e2f7351a75fee25e17676

HOTSPOT -You have a Microsoft 365 subscription.All computers are enrolled in Microsoft Intune.You have business requirements for securing your Windows 10 environment as shown in the following table. https://gyazo.com/ed944ef81635bd40a44a3d2279ecebff What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/a2ece31482f1f091c4b9451d79239989

https://gyazo.com/db619c6312a257e0de3388c0075637a8

HOTSPOT -Your company has a Microsoft Azure Active Directory (Azure AD) tenant and computers that run Windows 10.The company uses Microsoft Intune to manage the computers.The Azure AD tenant has the users shown in the following table. https://gyazo.com/ceff56850ca783b44243f70df2fe273f User3 is a device enrollment manager (DEM) in Intune.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/62806dd18558d8b6cb31634a9102cb5e

https://gyazo.com/dd9219a7f13224983c394695ddca9a44

HOTSPOT -You have a Microsoft 365 tenant that uses Microsoft Intune.From the Microsoft Endpoint Manager admin center, you plan to create a baseline to monitor the Startup score and the App reliability score of enrolled Windows10 devices.You need to identify which tool to use to create the baseline and the minimum number of devices required to create the baseline.What should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/14de246b4ddc03cda4106b11fc444793

https://gyazo.com/e270cdeb42b415957e00f65e3a0ffb59

HOTSPOT -Your network contains an Active Directory domain named constoso.com that is synced to Microsoft Azure Active Directory (Azure AD). All computers are enrolled in Microsoft Intune.The domain contains the computers shown in the following table. https://gyazo.com/28713045433b0c9f21575e614823228f You are evaluating which Intune actions you can use to reset the computers to run Windows 10 Enterprise with the latest update.Which computers can you reset by using each action? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/b1d604fd465f6b94795bc530f413c9d3

https://gyazo.com/e86c86ed853417e1e1fce9a7f43289ac

HOTSPOT -You are licensed for Microsoft Endpoint Manager.You use Microsoft Endpoint Configuration Manager and Microsoft Intune.You have devices enrolled in Configuration Manager as shown in the following table. https://gyazo.com/d9c5e8eb3cb6bee54451a3c94e781f72 In Configuration Manager, you enable co-management and configure the following settings:✑ Automatic enrolment in Intune: Pilot✑ Intune Auto Enrollment: Collection1In Configuration Manager, you configure co-management staging to have the following settings:✑ Compliance policies: Collection2✑ Device Configuration: Collection1In Configuration Manager, you configure co-management workloads as shown in the following exhibit. https://gyazo.com/a8d55d753f77ca70686c04519778421e For each of the following statements, select Yes if the statement is true. Otherwise, select No.Hot Area: https://gyazo.com/18a075b309b1d6c01400334e25c704f5

https://gyazo.com/ee4a938a0be5429a9d6cdd5448da74b2

HOTSPOT -Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.You plan to implement Microsoft Defender Exploit Guard.You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/22c3f03e269324d5237887bbe18f8b55

https://gyazo.com/eead5be74730b1430c17c7c75cc1c8e7

HOTSPOT -You create a Windows Autopilot deployment profile.You need to configure the profile settings to meet the following requirements:✑ Automatically enrol new devices and provision system apps without requiring end-user authentication.Include the hardware serial number in the computer name.Which two settings should you configure? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/3950d8dea197005d5c8f6c8246bd91df

https://gyazo.com/ef637e3627f85e2b102c08369ea84bce

HOTSPOT -You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant.You configure a Windows Autopilot deployment profile as shown in the following exhibit. https://gyazo.com/6b22b22a2f40cbd48a3927de96b3c9b1 Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/1d0d2a419dbf15882b504291c822c428

https://gyazo.com/effd062fc652a29415c96671099d92c7

https://gyazo.com/e9641ea76f861c9b860362209c33b368 You configure the following device settings for the tenant:✑ Users may join devices to Azure AD: User1✑ Additional local administrators on Azure AD joined devices: NoneYou install Windows 10 on a computer named Computer1.You need to identify which users can join Computer1 to adatum.com, and which users will be added to the Administrators group after joining adatum.com.Which users should you identify? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/7154380a73a533b976b7e715b0530769

https://gyazo.com/f191ab6209797f42281336314166430a

HOTSPOT -You have a Microsoft Intune subscription.You create the Windows Autopilot deployment profile-shown in the following exhibit. https://gyazo.com/858d668a936463251c34073593e31926 Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/8ed6ca1de2316eb5b583e6f9579b61cc

https://gyazo.com/f3b4aebf951e82fe147c0f73d588f2ba

HOTSPOT -You have a Microsoft Intune subscription that has the following device compliance policy settings:✑ Mark devices with no compliance policy assigned as: Compliant✑ Compliance status validity period (days): 14On January 1, you enroll Windows 10 devices in Intune as shown in the following table. https://gyazo.com/be7a0539971c9ef9cfb608dde1ac2841 On January 4, you create the following two device compliance policies:✑ Name: Policy1✑ Platform: Windows 10 and later✑ Require BitLocker: Require✑ Mark device noncompliant: 5 days after noncompliance✑ Scope (Tags): Tag1✑ Name: Policy2✑ Platform: Windows 10 and later✑ Firewall: Require✑ Mark device noncompliant: Immediately✑ Scope (Tags): Tag2On January 5, you assign Policy1 and Policy2 to Group1.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/5daf505f40466a31c4989feec7220c93

https://gyazo.com/f3bb8a68d7034488d3e34ddf75f7080d

VQuestion #37Topic 4 HOTSPOT -Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.You plan to implement Microsoft Defender Exploit Guard.You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/4dc72c998bab4f7fb64dfa828b4372d4

https://gyazo.com/f3fc7806774e6fc7866e5be37dafce48

HOTSPOT -You have 100 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to configure the following device restrictions:✑ Block users from browsing to suspicious websites.✑ Scan all scripts loaded into Microsoft Edge.Which two settings should you configure in Device restrictions? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/ee63406eaf0bd993a890261194dc7323

https://gyazo.com/f5b3dc26a5d7e7bdd488b416f5bbb391

HOTSPOT -You use Microsoft Endpoint Manager to manage Windows 10 devices.You are designing a reporting solution that will provide reports on the following:✑ Compliance policy trends✑ Trends in device and user enrolment✑ App and operating system version breakdowns of mobile devicesYou need to recommend a data source and a data visualization tool for the design.What should you recommend? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/1bc0e2091a4e6832a32c480d4fbf2410

https://gyazo.com/f6d3b55193d94d78d278a1e29d92dfab

https://gyazo.com/86ce22bd3179c9641fc1788c64aa396c

https://gyazo.com/f9c40bb449619e290dd3bbb2be392201

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.Contoso has the users and computers shown in the following table. https://gyazo.com/6077b76115bb73023b5d82f08b8b45a8 The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.Existing Environment -The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.The computers are managed by using Microsoft Endpoint Configuration Manager. The mobile devices are managed by using Microsoft Intune.The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.Intune Configuration -The domain has the users shown in the following table. https://gyazo.com/356714f13e5cab7df4d4d3b1923bb851 Requirements -Planned Changes -Contoso plans to implement the following changes:Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.Start using a free Microsoft Store for Business app named App1.Implement co-management for the computers.Technical Requirements -Contoso must meet the following technical requirements:Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.Monitor the computers in the LEG department by using Windows Analytics.Create a provisioning package for new computers in the HR department.Block iOS devices from sending diagnostic and usage telemetry data.Use the principle of least privilege whenever possible.Enable the users in the MKG department to use App1.Pilot co-management for the IT department.QuestionHOTSPOT -You need to meet the technical requirements for the new HR department computers.How should you configure the provisioning package? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/1c83172dd16a99e9b4016c2c4a0d3547

https://gyazo.com/fa1718f9e119d8b34e21ac35325239d4

https://gyazo.com/e986fc1731f5194abea558620c177ab6

https://gyazo.com/fb8cd41885afa33f43054246d3af118d