- (Exam Topic 4)
You have a Microsoft 365 subscription that contains two users named User! and User2. You need to ensure that the users can perform the following tasks:
• User1 must be able to create groups and manage users.
• User2 must be able to reset passwords for nonadministrative users.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Solution:
Box 1: User Administrator User admin
Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage support requests to Microsoft support.
Box 2: Helpdesk Administrator
Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage support requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader.
Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/admin-roles-page
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Contoso.com contains the devices shown in the following table.
In Intune, you create the app protection policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have computers that run Windows 10 and are joined to Azure Active Directory (Azure AD). All users sign in to the computers by using their Azure AD account.
Enterprise State Roaming is enabled.
From the Settings app, a user named User1 adds a Microsoft account. Which account will be used for the Synchronizing Windows setting?
Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-enable
- (Exam Topic 4)
Your company uses Microsoft Intune.
More than 500 Android and iOS devices are enrolled in the Intune tenant.
You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.
You need to ensure that the policies can target the devices based on their version of Android or iOS. What should you configure first?
Correct Answer:
D
https://blogs.technet.microsoft.com/pauljones/2017/08/29/dynamic-group-membership-in-azure-active-directory
- (Exam Topic 4)
You need to enable Windows Defender Credential Guard on computers that run Windows 10. What should you install on the computers?
Correct Answer:
A
