2024 Updated Verified Pass MD-102 Study Guides & Best Courses
Ultimate Guide to the MD-102 - Latest Edition Available Now
NEW QUESTION # 123
You use Microsoft Endpoint Manager to manage Windows 10 devices.
You are designing a reporting solution that will provide reports on the following:
Compliance policy trends
Trends in device and user enrolment
App and operating system version breakdowns of mobile devices
You need to recommend a data source and a data visualization tool for the design.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated
Reference:
https://docs.microsoft.com/en-us/mem/intune/developer/reports-nav-create-intune-reports
https://docs.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-link-powerbi
NEW QUESTION # 124
You are creating a device configuration profile in Microsoft Intu
You need to configure specific OMA-URI settings in the profile.
Which profile type template should you use?
- A. Device restrictions (Windows 10 Team)
- B. Device restrictions
- C. Custom
- D. Identity protection
Answer: C
NEW QUESTION # 125
You need to meet the technical requirements for the LEG department computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a Azure Log Analytics workspace.
2 - Add a solution to a workspace.
3 - Configure the commercial ID on teh LEG department computers.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-azure-portal
NEW QUESTION # 126
You have a Microsoft Intune deployment that contains the resources shown in the following table.
You create a policy set named Set1 and add Comply1 to Set1.
Which additional resources can you add to Set1?
- A. Comply2 only
- B. CA1. Conf1. and Office 1 only
- C. Conf1 only
- D. Comply2 and Conf1 only
- E. Comply2. CA1, Conf1. and Office1
Answer: A
NEW QUESTION # 127
You need to meet the technical requirements for the new HR department computers.
How should you configure the provisioning package? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-accounts
NEW QUESTION # 128
You have a Microsoft 365 E5 subscription.
You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.
What should you select in the Microsoft Endpoint Manager admin center?
- A. Apps. and then Monitor
- B. Reports, and the Device compliance
- C. Apps. and then App protection policies
- D. Devices, and then Monitor
Answer: C
Explanation:
App report: You can search by platform and app, and then this report will provide two different app protection statuses that you can select before generating the report. The statuses can be Protected or Unprotected.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-monitor
NEW QUESTION # 129
You have an Azure AD tenant named contoso.com.
You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.
What should you configure?
- A. provisioning packages for Windows
- B. Security defaults in Azure AD
- C. Device settings in Azure AD
- D. Windows Autopilot
Answer: C
Explanation:
Explanation
To ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com, you should configure the Device settings in Azure AD. The Device settings allow you to manage which users can join devices to Azure AD and whether they are added as local administrators or standard users. By default, users who join devices to Azure AD are added to the local Administrators group, but you can change this setting to None or Selected1.
The other options are not relevant for this scenario because:
Windows Autopilot is a service that allows you to pre-configure new devices and enroll them automatically to Azure AD and Microsoft Intune. It does not control the local administrator role of the users who join the devices2.
Provisioning packages for Windows are files that contain custom settings and policies that can be applied to Windows devices during the setup process. They do not affect the Azure AD join process or the local administrator role of the users3.
Security defaults in Azure AD are a set of basic identity security mechanisms that are enabled by default to protect your organization from common attacks. They do not include any settings related to device management or local administrator role4.
References: Manage device identities using the Microsoft Entra admin center, Windows Autopilot, Provisioning packages for Windows 10, What are security defaults?
NEW QUESTION # 130
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.
You need to create Endpoint security policies to meet the following requirements:
Hide the Firewall & network protection area in the Windows Security app.
Disable the provisioning of Windows Hello for Business on the devices.
Which two policy types should you use? To answer, select the policies in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, application Description automatically generated
In the Antivirus policy settings, you can hide the Firewall and network protection area in the Windows Security app.
Windows Hello for Business settings are configured in Identity protection.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/antivirus-security-experience-windows-settings
https://docs.microsoft.com/en-us/mem/intune/protect/identity-protection-windows-settings
NEW QUESTION # 131
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.
You need to deploy a custom line-of-business (LOB) app to the devices by using Intune.
Which extension should you select for the app package file?
- A. .intunemac
- B. apk
- C. jpa
- D. .appx
Answer: C
Explanation:
iOS/iPadOS LOB apps: Select Line-of-business app as the app type, select the App package file, and then enter an iOS/iPadOS installation file with the extension .ipa.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add
NEW QUESTION # 132
You have a Microsoft 365 subscription.
You have devices enrolled in Microsoft Intune as shown in the following table.
To which devices can you deploy apps by using Intune?
- A. Device1 and Device3 only
- B. Device1, Device2, Device3, and Device4
- C. Device1, Device2, and Device3 only
- D. Device1 only
- E. Device1 and Device2 only
Answer: B
NEW QUESTION # 133
Your company has a computer named Computer1 that runs Windows 10.
Computed was used by a user who left the company.
You plan to repurpose Computer1 and assign the computer to a new user.
You need to redeploy Computer1 by using Windows Autopilot.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
To redeploy Computer1 by using Windows Autopilot, you need to perform the following three actions in sequence:
Generate a JSON file that contains the computer information. This file specifies the Autopilot profile to be applied during the deployment. You can use the Get-AutopilotProfilesForExistingDevices PowerShell script to generate this file1.
Reset the computer. You can use the Windows Automatic Redeployment feature to trigger a reset from the login screen by pressing Ctrl + R and providing an administrator account2. Alternatively, you can use the Windows Autopilot Reset feature to remotely reset the device from Intune1.
Upload the file by running azcopy.exe. This step copies the JSON file to a blob storage account in Azure, where it can be accessed by the device during the deployment. You need to specify the storage account name, access key, and container name as parameters for azcopy.exe1.
NEW QUESTION # 134
You have 100 computers that run Windows 10.
You plan to deploy Windows 11 to the computers by performing a wipe and load installation.
You need to recommend a method to retain the user settings and the user data.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a system image backup.
2 - Deploy Windows 11.
3 - Restore a system image backup.
NEW QUESTION # 135
You have a Microsoft 365 subscription that includes Microsoft Intune.
You have computers that run Windows 11 as shown in the following table.
You have the groups shown in the following table.
You create and assign the compliance policies shown in the following table.
The next day, you review the compliance status of the computers.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 136
User1 and User2 plan to use Sync your settings.
On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://www.jeffgilb.com/managing-local-administrators-with-azure-ad-and-intune/
NEW QUESTION # 137
You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices that run Windows 11.
User1 provides remote support for 75 devices in the marketing department.
You need to add User1 to the Remote Desktop Users group on each marketing department device.
What should you configure?
- A. a device compliance policy
- B. an app configuration policy
- C. a device configuration profile
- D. an account protection policy
Answer: C
NEW QUESTION # 138
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you create and assign a device restrictions profile.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION # 139
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the users shown in the following table.
Group2 and Group3 are members of Group1.
All the users use Microsoft Excel.
From the Microsoft Endpoint Manager admin center, you create the policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
User1 is member of Group1 and Group2.
Policy1 with priority 0 is assigned to Group1: default file format for Excel is.ods.
Policy2 with priority 1 is assigned to Group2: default file format for Excel is.xlsb.
Note: Key points to remember about policy order
Policies are assigned an order of priority.
Devices receive the first applied policy only.
You can change the order of priority for policies.
Default policies are given the lowest order of priority.
Box 2: Yes
User2 is member of Group2.
Group2 and Group3 are members of Group1.
Box 3: No
User3 is member of Group3.
Group2 and Group3 are members of Group1.
Reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-policy-order
NEW QUESTION # 140
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device.
You need to ensure that CAPolicy1 is enforced.
What should you do?
- A. Enable CAPolicy1
- B. Add a condition in CAPolicy1 to filter for devices.
- C. Configure a new terms of use (TOU).
- D. Assign CAPolicy1 to Group2.
Answer: D
Explanation:
Explanation
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
NEW QUESTION # 141
......
Dumps MoneyBack Guarantee - MD-102 Dumps Approved Dumps: https://testoutce.pass4leader.com/Microsoft/MD-102-exam.html