- (Exam Topic 4)
You have a Windows 10 device named Computer1 enrolled in Microsoft Intune.
You need to configure Computer1 as a public workstation that will run a single customer-facing, full-screen application.
Which template should you use to create a configuration profile for Computer1 in the Microsoft Endpoint Manager admin center?
Correct Answer:
A
On Windows 10/11 devices, you can configure these devices to run in single-app kiosk mode. On Windows 10 devices, you can configure these devices to run in multi-app kiosk mode.
Single app, full-screen kiosk
Runs only one app on the device, such as a web browser or Store app.
* Select a kiosk mode: Choose Single app, full-screen kiosk.
* Etc.
Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/kiosk-settings-windows
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
* Assignments
* Users or workload identities: User1
* Cloud apps or actions: Office 365 Exchange Online
* Access controls
* Grant: Block access
You need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.
Solution: You add a condition that specifies a trusted locations. Does this meet the goal?
Correct Answer:
B
Instead use solution: You add a condition to filter for devices. Note: Conditional Access: Filter for devices
When creating Conditional Access policies, administrators have asked for the ability to target or exclude specific devices in their environment. The condition filter for devices gives administrators this capability. Now you can target specific devices using supported operators and properties for device filters and the other available assignment conditions in your Conditional Access policies.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
* Assignments
* Users or workload identities: User1
* Cloud apps or actions: Office 365 Exchange Online
* Access controls
* Grant: Block access
You need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.
Solution: You add a condition that specifies device platforms. Does this meet the goal?
Correct Answer:
B
Instead use solution: You add a condition to filter for devices. Note: Conditional Access: Filter for devices
When creating Conditional Access policies, administrators have asked for the ability to target or exclude specific devices in their environment. The condition filter for devices gives administrators this capability. Now you can target specific devices using supported operators and properties for device filters and the other available assignment conditions in your Conditional Access policies.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices
- (Exam Topic 4)
You have a Microsoft 365 subscription and several Conditional Access policies in Azure Active Directory (Azure AD) that contains the resources shown in the following table.
You need to identify which Conditional Access policies will apply to a user when the user signs in to the Microsoft Office 365 portal from a Windows 10 computer.
What should you use?
Correct Answer:
C
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD). You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.
You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.
Solution: You configure roaming user profiles. Does this meet the goal?
Correct Answer:
B
References:
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles