NOS 130 ch 11
You're the systems administrator for an international sports equipment retail company. The company requires that the Windows 11 laptops for employees be replaced with new Windows 11 laptops every 3 years. In addition, the company requires the following: When the employees log into their new laptops, all the existing user and application settings need to be in place. There must be a separation of corporate and employee data. Data must be automatically encrypted with Azure Rights Management. Which of the following features would BEST meet the company's requirements? -Windows Information Protection (WIP) -Microsoft Intune -Azure Active Directory single sign-on -Enterprise State Roaming
-Enterprise State Roaming Enterprise State Roaming is designed to securely store user profile and application settings to the cloud, which can then be accessed on any Windows 10 device in the same domain. This means that when the user logs into a new Windows 11 device, all their user and application settings are applied from the cloud. Enterprise State Roaming also provides a separation of corporate and employee data, and the data can be automatically encrypted before storing it with Azure Rights Management.
A user contacts you to let you know their Intune-enrolled device has been remotely locked. What would have caused this? -The user was using an important company application. -The user's device is non-compliant and was remotely locked. -The device is the user's personal device. -Windows Autopilot evaluated the device and locked it.
-The user's device is non-compliant and was remotely locked.
What are two main goals of mobile device management (MDM)?
-users and devices comply with security requirements.
Which of the following are device platforms supported by Microsoft Tunnel for Intune? (Select two.) Windows 10 (and later) Windows 8 (and later) Linux Android iOS/iPadOS
Android iOS/iPadOS
You have created a custom Storage Limits device profile for the laptops on the manufacturing floor of your company. You want to make sure that the profile applies to those laptops and all users on those laptops. Which of the following should you do to meet your requirements? Assign the profile to a distribution group. Assign the profile to a device group. Assign the profile to a security group. Assign the profile to a user group.
Assign the profile to a device group
You have configured the default Intune Wi-Fi device profile. You want to make sure that the profile applies to specific users no matter which device or platform they log into. Which of the following should you do to meet your requirements? Assign the profile to a user group. Assign the profile to a security group. Assign the profile to a distribution group. Assign the profile to a device group.
Assign the profile to a user group.
Which of the following are recommended device configurations before implementing Windows Kiosk mode? (Select three.) Disable automatic restart at the scheduled time. Enable logging. Disable the hardware power button. Set up a kiosk in local Settings. Display the Ease of access feature on the sign-in screen. Hide update notifications. Enable the device camera.
Enable logging. Disable the hardware power button. Hide update notifications.
How do conditional policies work with compliance policies?
Intune's compliance and conditional access policies define specific rules and settings that users and devices must meet to be granted access. Users and devices can be blocked if they do not meet the prescribed requirements.
Which of the following tools allows you to deploy and manage devices supported by Microsoft Tunnel? Select the correct answer from the dropdown list. Microsoft Control Panel Microsoft Device Manager Microsoft Endpoint Manager Microsoft Task Manager
Microsoft Endpoint Manager
As the systems administrator for a company that uses Azure AD and Microsoft Intune to manage their corporate-owned mobile devices, you want to be able to access your Intune data to view reports and charts related to: Devices Enrollments App protection policies Compliance policies Device configuration policies Which tool does Microsoft Intune provide to view these types of reports? -Microsoft Power BI Online reports -Trends reports -Device compliance reports -Diagnostic settings reports
Microsoft Power BI Online reports Microsoft Power BI Online is a cloud-based service where you can view and interact with reports based on your Intune data. Some of the default reports include device, enrollment, app protection, compliance, and device configuration policy reports. You can edit the reports and create visuals based on the existing data model. You can also share and collaborate with co-workers.
You're the systems administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. Many company-owned laptops are currently running Windows 10 and are enrolled in Microsoft Intune. You want to identify which of these laptops can be upgraded to Windows 11. SOLUTION: You create a device compliance policy and assign the policy to the laptops. After 24 hours, you view the device compliance report in Intune. Does this solution help you identify which laptops can be upgraded?
NO In order to identify the Windows 10 laptops that can be upgraded to Windows 11, you need to know if the laptops meet certain Windows 11 requirements, such as Processor: 1 gigahertz (GHz) or faster (or SoC) RAM: 4 gigabyte (GB) Hard disk space: 4 GB Graphics card: DirectX 12 or later with WDDM 2.0 driver
All of your company's and employees' BYOD Windows, iOS and Android devices are currently enrolled in Microsoft Intune. You want to implement an Intune feature that can do the following: Help you manage on-premises resources for users who work remotely using Windows and Android devices. Encrypt and protect the connection between the device and the on-premises resources. Manage access to web applications, internal websites, and file shares through a single control plane in the Intune console. Will Microsoft Tunnel for Intune meet implementation requirements?
NO Microsoft Tunnel for Intune will not meet your requirements, as Microsoft Tunnel does not support the Windows platform.
You're the systems administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following dynamic user groups to manage access to company resources: Managers: jobTitle = "Manager" Consultants: jobTitle = "Customer Consultant" OfficeAdmin: jobTitle = "Office Administrator" SalesReps: jobTitle ="Sales Representative" You've also created a device compliance policy that: Sends an email notification to an employee (and you) to indicate that a device is non-compliant. Is assigned to All Groups, with the exception of users in the OfficeAdmin group. After deploying the device compliance policy, you notice that a Windows 11 device for a Sales Representative isn't listed as a compliant device. SOLUTION: You check with the Sales Represen
NO Simply changing the OfficeAdmin group from static to dynamic doesn't solve the issue, as the OfficeAdmin group continues to be excluded from the compliance policy.
You are setting up a device for Windows Kiosk mode using Microsoft Intune. Which of the following Kiosk mode settings are available to configure the device? (Select three.) Not configured Windows desktop application Run as a digital sign or interactive display Universal Windows app Run as a public web browser Single-app, full-screen kiosk Multi-app kiosk
Not configured Single-app, full-screen kiosk Multi-app kiosk
You have decided to use Windows PowerShell to set up a device in Windows Kiosk mode. From the dropdown list, select the command you need to use to configure the device for Kiosk mode. AppName AppUserModelld Set-AssignedAccess UserSID
Set-AssignedAccess
You are creating an Intune device configuration profile that you want to assign to the HumanResourcesAll group. However, you want to prevent the profile from applying to a small number of training personnel who are included in the group. Which of the following would BEST meet your configuration needs? Use Inclusion Use Exclusion Use a built-in profile Create an HRTrainingAll group
Use Exclusion
Which of the following platforms does not work with custom Intune device configuration profiles? iOS Windows 8.1 Windows 10 and above Android Enterprise
Windows 8.1 Custom device profiles apply to Android, iOS, macOS, and Windows 10 and above. They cannot be used for Windows 8.1.
You're a systems administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created your first device compliance policy that: Marks a device enrolled in Intune as Not Compliant if BitLocker isn't installed and running on a managed Windows 11 device. Sends an email notification to you to indicate that the device is non-compliant. Is assigned to a Test device group. The Test device group includes several new Windows 11 devices. After deploying the device compliance policy to the Test devices group, you receive an email notification for each test device that indicates that the device is Not Compliant. You've installed BitLocker on all the test devices, and the software is running on them. What is the MOST likely reason for the Windows 11 t
You haven't enrolled the devices in Intune.
You're the systems administrator for an international sports equipment retail company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned Windows 11 mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You decide that you want to create an Intune conditional access policy that: Applies the policy to the Office 365, Microsoft Teams, and SharePoint cloud apps. Assigns the policy to Windows platforms. Requires the Windows 11 devices to be marked as Compliant. To properly configure this Intune conditional access policy, you need to perform several tasks. From the list of tasks on the left, drag the tasks to the right in the proper order for creating the policy. (Not all listed tasks are part of creating the policy.)
You need to complete the following tasks in order to create an Intune conditional access policy: -give the policy a name -assign users and user groups -select cloud apps or user actions -select conditions(such as the device platform) -grant or block access based on controls -enable the policy
You're the systems administrator for a fashion design company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following Azure AD device groups: Win11dev: All company-owned Windows 11 mobile devices iPadProdev: All company-owned iPad Pro tablets Androiddev: All company-owned Android mobile devices You've created a Microsoft App Store device configuration profile that restricts several options for employee management of apps in the Microsoft Store. These setting apply on the employees' managed Windows 11 mobile devices. However, when you test the device profile on a limited number of the Windows 11 mobile devices, you find that the device profile configurations aren't being applied. SOLUTION: You check the assignments for the device profile and notice that there are
yes
You're the systems administrator for an international sports equipment retail company that uses Azure Active Directory (AD) and Microsoft Intune to their manage mobile devices. All company-owned mobile devices are registered in Azure AD, enrolled in Microsoft Intune, and have BitLocker installed and running.You've created a conditional access policy that: Includes an assigned Test user group. Applies the policy to the Microsoft 365, Microsoft Teams, and SharePoint cloud apps. Assigns the policy to Windows platforms. Requires the Windows device to be marked as Compliant.In addition, there's a device compliance policy that requires BitLocker to be installed and running on a Windows 11 device for the device to be marked as Compliant.After deploying the conditional access policy, you find that the policy isn't being applied to the user accounts in your Test user group. SOLUTION: You check the conditional access policy se
yes
You're the systems administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following dynamic user groups to manage access to company resources: Managers: jobTitle = "Manager" Consultants: jobTitle = "Customer Consultant" OfficeAdmin: jobTitle = "Office Administrator" SalesReps: jobTitle = "Sales Representative" You've created a conditional access policy that: Includes the SalesReps and Consultants user groups. Excludes the Managers user group. Applies the policy to the Microsoft 365, Microsoft Teams, and SharePoint cloud apps. Assigns the policy to Windows platforms. Requires that the Windows devices be marked as Compliant. Has a Location condition assigned to a Blocked Countries named location that blocks access from sev
yes Because the consultant's Windows 11 mobile device is Compliant, and she's in the Consultants user group (included in the policy), she's being blocked from accessing Microsoft Teams by the Blocked Countries named location. However, until she's located in a country that's not blocked, she can still participate in the Teams meeting by calling in with her cell phone.
