- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device. You need to ensure that CAPolicy1 is enforced.
What should you do?
Correct Answer:B
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
- (Exam Topic 4)
You have 100 Windows 10 devices that are managed by using Microsoft Endpoint Manager. You plan to sideload an app to the devices.
You need to configure Microsoft Endpoint Manager to enable sideloading.
Which device profile type and setting should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
You have computers that run Windows 10 as shown in the following table.
Computer2 and Computer3 are enrolled in Microsoft Intune.
In a Group Policy object (GPO) linked to the domain, you enable the Computer Configuration/Administrative Templates/Windows Components/Search/Allow Cortana setting.
In an Intune device configuration profile, you configure the following:
Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP to a value of 1 Experience/AllowCortana to a value of 0.
Each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
You have a shared computer that runs Windows 10. The computer is infected with a virus.
You discover that a malicious TTF font was used to compromise the computer.
You need to prevent this type of threat from affecting the computer in the future. What should you use?
Correct Answer:A
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windowsd
- (Exam Topic 4)
Your company has a computer named Computer1 that runs Windows 10. Computer1 was used by a user who left the company.
You plan to repurpose Computer1 and assign the computer to a new user. You need to redeploy Computer1 by using Windows AutoPilot.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
Reference:
https://docs.microsoft.com/en-us/intune/enrollment-autopilot
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
Does this meet the goal?
Correct Answer:A