Ask Question
Microsoft MD-102 Practice Test - Questions Answers, Page 10
List of questions
Question 91
HOTSPOT
You have an Azure Active Directory Premium Plan 2 subscription that contains the users shown in the following table.
You purchase the devices shown in the following table.
You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:
MDM user scope: Group1
MAM user scope: Group2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/mem/intune/enrollment/android-enroll
https://powerautomate.microsoft.com/fr-fr/blog/mam-flow-mobile/
Question 92
Your company has devices enrolled in Microsoft Intune as shown in the following table.
In Microsoft Endpoint Manager, you define the company's network as a location named Location1.
Which devices can use network location-based compliance policies?
Device2 and Device3 only
Device2 only
Device1 and Device2 only
Device1 only
Device1, Device2, and Device3
Explanation:
Intune supported operating systems
Intune supports devices running the following operating systems (OS):
iOS
Android
Windows
macOS
Note: View the device compliance settings for the different device platforms:
Android device administrator
Android Enterprise
iOS
macOS
Windows Holographic for Business
Windows 8.1 and later
Windows 10/11
Reference: https://docs.microsoft.com/en-us/mem/intune/fundamentals/supported-devicesbrowsers
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
Question 93
You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?
the Azure portal app
Endpoint analytics
the Company Portal app
Microsoft Power Bl
Explanation:
You can use the Power BI Compliance app to load interactive, dynamically generated reports for your
Intune tenant. Additionally, you can load your tenant data in Power BI using the OData link. Intune provides connection settings to your tenant so that you can view the following sample reports and charts related to:
Devices
Enrollment
App protection policy
Compliance policy
Device configuration profiles
Software updates
Device inventory logs
Note: Load the data in Power BI using the OData link
With a client authenticated to Azure AD, the OData URL connects to the RESTful endpoint in the Data
Warehouse API that exposes the data model to your reporting client. Follow these instructions to use
Power BI Desktop to connect and create your own reports.
Sign in to the Microsoft Endpoint Manager admin center.
Select Reports > Intune Data warehouse > Data warehouse.
Retrieve the custom feed URL from the reporting blade, for example:
https://fef.{yourtenant}.manage.microsoft.com/ReportingService/DataWarehouseFEService/dates?api-version=v1.0
Open Power BI Desktop.
Choose File > Get Data. Select OData feed.
Choose Basic.
Type or paste the OData URL into the URL box.
Select OK.
If you have not authenticated to Azure AD for your tenant from the Power BI desktop client, type your credentials. To gain access to your data, you must authorize with Azure Active Directory (Azure AD) using OAuth 2.0.
Select Organizational account.
Type your username and password.
Select Sign In.
Select Connect.
Select Load.
Reference: https://docs.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-linkpowerbi
Question 94
HOTSPOT
You have a Microsoft 365 tenant and an internal certification authority (CA).
You need to use Microsoft Intune to deploy the root CA certificate to managed devices.
Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Configuration profile
Create a trusted certificate profile.
Box 2: Trusted certificate
When using Intune to provision devices with certificates to access your corporate resources and network, use a trusted certificate profile to deploy the trusted root certificate to those devices.
Trusted root certificates establish a trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root
Question 95
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange
Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device.
You need to ensure that CAPolicy1 is enforced.
What should you do?
Configure a new terms of use (TOU).
Assign CAPolicy1 to Group2.
Enable CAPolicy1
Add a condition in CAPolicy1 to filter for devices.
Explanation:
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing
Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Question 96
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain. The domain contains a computer named
Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a Microsoft Deployment Toolkit (MDT) deployment share. You create a task sequence, and then you run the MDT deployment wizard on Computer1.
Does this meet the goal?
Yes
No
Question 97
You have a Microsoft 365 E5 subscription that contains a group named Group1.
You create a Conditional Access policy named CAPolicy1 and assign CAPolicy1 to Group1.
You need to configure CAPolicy1 to require the members of Group1 to reauthenticate every eight hours when they connect to Microsoft Exchange Online.
What should you configure?
Session access controls
an assignment that uses a User risk condition
an assignment that uses a Sign-in risk condition
Grant access controls
Explanation:
User sign-in frequency
Sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.
The Azure Active Directory (Azure AD) default configuration for user sign-in frequency is a rolling window of 90 days.
Sign-in frequency control
Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
Browse to Azure Active Directory > Security > Conditional Access.
Select New policy.
Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
Choose all required conditions for customer's environment, including the target cloud apps.
Under Access controls > Session.
Select Sign-in frequency.
Choose Periodic reauthentication and enter a value of hours or days or select Every time.
Save your policy.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howtoconditional-access-session-lifetime
Question 98
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.
You need to ensure that notifications of iOS updates are deferred for 30 days after the updates are released.
What should you create?
a device configuration profile based on the Device features template
a device configuration profile based on the Device restrictions template
an update policy for iOS/iPadOS
an iOS app provisioning profile
Explanation:
Manage iOS/iPadOS software update policies in Intune, delay visibility of software updates.
When you use update policies for iOS, you might have need to delay visibility of an iOS software update. Reasons to delay visibility include:
Prevent users from updating the OS manually
To deploy an older update while preventing users from installing a more recent one
To delay visibility, deploy a device restriction template that configures the following settings:
Defer software updates = Yes
This doesn't affect any scheduled updates. It represents days before software updates are visible to end users after release.
Delay default visibility of software updates = 1 to 90
90 days is the maximum delay that Apple supports.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/software-updates-ios
Question 99
You have a Microsoft 365 E5 subscription that contains 1,000 Windows 11 devices. All the devices are enrolled in Microsoft Intune.
You plan to integrate Intune with Microsoft Defender for Endpoint.
You need to establish a service-to-service connection between Intune and Defender for Endpoint.
Which settings should you configure in the Microsoft Endpoint Manager admin center?
Connectors and tokens
Premium add-ons
Microsoft Tunnel Gateway
Tenant enrollment
Explanation:
Microsoft Defender for Endpoint – Important Service and Endpoint Settings You Should Configure
Right Now.
As a prerequisite, however, head to tenant administration > connectors and tokens > Microsoft
Defender for Endpoint and confirm the connection is enabled. You previously set this up in the advanced settings of Microsoft 365 Defender.
Reference: https://petri.com/microsoft-defender-for-endpoint-which-settings-configure-right-now/
Question 100
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft
Intune.
You plan to use Endpoint analytics.
You need to create baseline metrics.
What should you do first?
Create an Azure Monitor workbook.
Onboard 10 devices to Endpoint analytics.
Create a Log Analytics workspace.
Modify the Baseline regression threshold.
Explanation:
Onboarding from the Endpoint analytics portal is required for Intune managed devices.
Reference: https://docs.microsoft.com/en-us/mem/analytics/enroll-intune
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
.png)
Question