- (Exam Topic 4)
You have a Microsoft 365 subscription that contains 1,000 Android devices enrolled in Microsoft intune. You create an app configuration policy that contains the following settings:
• Device enrollment type: Managed devices
• Profile Type: All Profile Types
• Platform: Android Enterprise
Which two types of apps can be associated with the policy? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Correct Answer:
AD
- (Exam Topic 1)
You need to meet the device management requirements for the developers. What should you implement?
Correct Answer:
B
Litware identifies the following device management requirements:
Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in. Enterprise State Roaming allows for the synchronization of Microsoft Edge browser setting, including
favorites and reading list, across devices.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settings-refer
- (Exam Topic 4)
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup and has the local users shown in the following table.
UserA joins Computer1 to Azure AD by using user1@contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: No
Users may join devices to Azure AD: This setting enables you to select the users who can register their devices as Azure AD joined devices. The default is All.
Box 2: Yes
Admin1@contoso.com is an Azure AD security administrator Security Administrator
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information
Protection, and Office 365 Security & Compliance Center. This includes:
* Microsoft Defender for Endpoint Assign roles
Manage machine groups
Configure endpoint threat detection and automated remediation View, investigate, and respond to alerts
View machines/device inventory Box 3: No
Admin2@contoso.com is an Azure AD Cloud device administrator. Cloud Device Administrator
Users in this role can enable, disable, and delete devices in Azure AD and read Windows 10 BitLocker keys (if present) in the Azure portal. The role does not grant permissions to manage any other properties on the device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#configure-dev
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have computers that run Windows 10, are joined to Azure Active Directory (Azure AD), and are enrolled in Microsoft Intune.
You have an Azure web app named App1. App1 only allows connections over HTTPS. App1 uses a certificate from an on-premises certification authority (CA).
You need to ensure that the computers can connect to App1 from Microsoft Edge.
Which type of device configuration profile should you create in Microsoft Endpoint Manager?
Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure https://docs.microsoft.com/en-us/mem/intune/protect/certificates-configure
- (Exam Topic 4)
You use Microsoft Defender for Endpoint to protect computers that run Windows 10.
You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline.
Which tool should you use?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwid
