- (Exam Topic 4)
Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.
You plan to implement Microsoft Defender Exploit Guard.
You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/import-export-expl https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-prot
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the devices shown in the following table.
Contoso.com contains the Azure Active Directory groups shown in the following table.
You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: No
Device1 has no Mobile device Management (MDM) configured.
Note: Device1 is running Windows 8.1, and is registered, but not joined. Device1 is in Group1.
Profile1 is assigned to Group1. Box 2: No
Device2 has no Mobile device Management (MDM) configured. Note: Device2 is running Windows 10, and is joined.
Device2 is in Group2. Group2 is in Group1.
Profile1 is assigned to Group1. Box 3: Yes
Device3 has Mobile device Management (MDM) configured. Device3 is running Windows 10, and is joined
Device1 is in Group1.
Profile1 is assigned to Group1.
Mobile device management (MDM) enrollment: Once your Windows 10 device joins Azure AD, Autopilot ensures your device is automatically enrolled with MDMs such as Microsoft Intune. This program can automatically push configurations, policies and settings to the device, and install Office 365 and other business apps without you having to get IT admins to manually sort the device. Intune can also apply the latest updates from Windows Update for Business.
Reference: https://xo.xello.com.au/blog/windows-autopilot
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription and 150 Windows 10 devices. All the devices are enrolled in Microsoft Intune.
You need to use Intune to apply Windows updates to the devices. What should you do first?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft Office 365 E1 subscription. You plan to create Conditional Access policies.
You need to ensure that users have the required licenses. The solution must minimize costs. Which type of license should you assign to each user?
Correct Answer:
C
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You have the devices shown in the following table.
You have a Conditional Access policy named CAPolicy1 that has the following settings: 
Assignments
- Users or workload identities: Group1
- 
Cloud apps or actions: All cloud apps Conditions
- Device platforms: include: Windows, Android
- Grant access controls: Require multi-factor authentication
You have a Conditional Access named CAPolicy2 that has the following settings: Assignments
- Users or workload identities: Group2
- Cloud apps or actions: All cloud apps Conditions
- Device platforms: Android
- Access controls: Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
A screenshot of a computer Description automatically generated with medium confidence
Does this meet the goal?
Correct Answer:
A
