MD-102Free trial

HOTSPOT

You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You need to configure an Intune device configuration profile to meet the following requirements:

• Prevent Microsoft Office applications from launching child processes.
• Block users from transferring files over FTP.

Which two settings should you configure in the Endpoint protection configuration profile? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

You have following types of devices enrolled in Microsoft Intune:
• Windows 10
• Android
• iOS

For which types of devices can you create VPN profiles in Microsoft Intune admin center?

You are creating a device configuration profile in Microsoft Intune.

You need to configure specific OMA-URI settings in the profile.

Which profile type template should you use?

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.

You create a policy set named Set1 as shown in the exhibit. (Click the Exhibit tab.)

You enroll devices in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have a Microsoft 365 subscription that contains 1,000 iOS devices. The devices are enrolled in Microsoft Intune as follows:
• Two hundred devices are enrolled by using the Intune Company Portal.
• Eight hundred devices are enrolled by using Apple Automated Device Enrollment (ADE).

You create an iOS/iPadOS software updates policy named Policy1 that is configured to install iOS/iPadOS 15.5.

How many iOS devices will Policy1 update, and what should you configure to ensure that only iOS/iPadOS 15.5 is installed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT -

Case study -

Overview -

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices -

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -

Microsoft Intune has the compliance policies shown in the following table.

The Automatic Enrollment settings have the following configurations:

• MDM user scope: GroupA
• MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

• Name: Protection1
• Folder protection: Enable
• List of apps that have access to protected folders: C:*\AppA.exe
• List of additional folders that need to be protected: D:\Folder1
• Assignments:

• Included groups: Group2, GroupB

Windows Autopilot Configuration -

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -

ADatum plans to implement the following changes:

• Purchase a new Windows 10 device named Device6 and enroll the device in Intune
• New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
• Deployed a network boundary configuration profile that will have the following settings:

• Name: Boundary1
• Network boundary: 192.168.1.0/24
• Scope tags: Tag1
• Assignments:
• Included groups: Group1, Group2
  • Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
• Name: Connection1
• Connection name: VPN1
• Connection type: L2TP
• Assignments:
• Included groups: Group1, Group2, GroupA
• Excluded groups: --
• Name: Connection2
• Connection name: VPN2
• Connection type: IKEv2
• Assignments:
• Included groups: GroupA
• Excluded groups: GroupB

Technical Requirements -

ADatum must meet the following technical requirements:
• Users in GroupA must be able to deploy new computers.
• Administrative effort must be minimized.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days.
You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.
What should you use?

Case study -

Overview -

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices -

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -

Microsoft Intune has the compliance policies shown in the following table.

The Automatic Enrollment settings have the following configurations:

• MDM user scope: GroupA
• MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

• Name: Protection1
• Folder protection: Enable
• List of apps that have access to protected folders: C:*\AppA.exe
• List of additional folders that need to be protected: D:\Folder1
• Assignments:

• Included groups: Group2, GroupB

Windows Autopilot Configuration -

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -

ADatum plans to implement the following changes:

• Purchase a new Windows 10 device named Device6 and enroll the device in Intune
• New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
• Deployed a network boundary configuration profile that will have the following settings:

• Name: Boundary1
• Network boundary: 192.168.1.0/24
• Scope tags: Tag1
• Assignments:
• Included groups: Group1, Group2
  • Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
• Name: Connection1
• Connection name: VPN1
• Connection type: L2TP
• Assignments:
• Included groups: Group1, Group2, GroupA
• Excluded groups: --
• Name: Connection2
• Connection name: VPN2
• Connection type: IKEv2
• Assignments:
• Included groups: GroupA
• Excluded groups: GroupB

Technical Requirements -

ADatum must meet the following technical requirements:
• Users in GroupA must be able to deploy new computers.
• Administrative effort must be minimized.

You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.

To what should you grant the right to create the computer objects?

HOTSPOT -

Case study -

Overview -

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices -

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -

Microsoft Intune has the compliance policies shown in the following table.

The Automatic Enrollment settings have the following configurations:

• MDM user scope: GroupA
• MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

• Name: Protection1
• Folder protection: Enable
• List of apps that have access to protected folders: C:*\AppA.exe
• List of additional folders that need to be protected: D:\Folder1
• Assignments:

• Included groups: Group2, GroupB

Windows Autopilot Configuration -

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -

ADatum plans to implement the following changes:

• Purchase a new Windows 10 device named Device6 and enroll the device in Intune
• New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
• Deployed a network boundary configuration profile that will have the following settings:

• Name: Boundary1
• Network boundary: 192.168.1.0/24
• Scope tags: Tag1
• Assignments:
• Included groups: Group1, Group2
  • Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
• Name: Connection1
• Connection name: VPN1
• Connection type: L2TP
• Assignments:
• Included groups: Group1, Group2, GroupA
• Excluded groups: --
• Name: Connection2
• Connection name: VPN2
• Connection type: IKEv2
• Assignments:
• Included groups: GroupA
• Excluded groups: GroupB

Technical Requirements -

ADatum must meet the following technical requirements:
• Users in GroupA must be able to deploy new computers.
• Administrative effort must be minimized.

You implement the planned changes for Connection1 and Connection2.

How many VPN connections will there be for User1 when the user signs in to Device1 and Device2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Case study -

Overview -

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices -

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -

Microsoft Intune has the compliance policies shown in the following table.

The Automatic Enrollment settings have the following configurations:

• MDM user scope: GroupA
• MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

• Name: Protection1
• Folder protection: Enable
• List of apps that have access to protected folders: C:*\AppA.exe
• List of additional folders that need to be protected: D:\Folder1
• Assignments:

• Included groups: Group2, GroupB

Windows Autopilot Configuration -

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -

ADatum plans to implement the following changes:

• Purchase a new Windows 10 device named Device6 and enroll the device in Intune
• New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
• Deployed a network boundary configuration profile that will have the following settings:

• Name: Boundary1
• Network boundary: 192.168.1.0/24
• Scope tags: Tag1
• Assignments:
• Included groups: Group1, Group2
  • Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
• Name: Connection1
• Connection name: VPN1
• Connection type: L2TP
• Assignments:
• Included groups: Group1, Group2, GroupA
• Excluded groups: --
• Name: Connection2
• Connection name: VPN2
• Connection type: IKEv2
• Assignments:
• Included groups: GroupA
• Excluded groups: GroupB

Technical Requirements -

ADatum must meet the following technical requirements:
• Users in GroupA must be able to deploy new computers.
• Administrative effort must be minimized.

Which user can enroll Device6 in Intune?

You have a Microsoft 365 subscription that contains 1,000 iOS devices and includes Microsoft Intune.

You need to prevent the printing of corporate data from managed apps on the devices.

What should you configure?

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.

Which users can download the Office customization file from the admin center?

You have a Microsoft 365 E5 subscription.

You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.

What should you select in the Microsoft Intune admin center?

You have a Microsoft 365 tenant that contains the objects shown in the following table.

In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1.

To which objects can you assign App1?

HOTSPOT -

You have a Microsoft 365 E5 subscription.

You create an app protection policy for Android device named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that includes Microsoft Intune.

You have 500 corporate-owned Android devices enrolled as fully managed devices.

You need to prepare an app named App1 for deployment to the devices.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have the Windows 10 devices shown in the following table.

You plan to upgrade the devices to Windows 11 Enterprise.

On which devices can you perform a direct in-place upgrade to Windows 11 Enterprise?

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to review the startup times and restart frequencies of the devices.
What should you use?

HOTSPOT -

Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure AD.

A user named User1 uses the domain-joined devices shown in the following table.

In the Microsoft Entra admin center, you assign a Windows 11 Enterprise E5 license to User1.

You need to identify what will occur when User1 next signs in to the devices.

What should you identify for each device? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT -

You have a Microsoft Deployment Toolkit (MDT) deployment share named Share1.

You add Windows 10 images to Share1 as shown in the following table.

Which images can be used in the Standard Client Task Sequence, and which images can be used in the Standard Client Upgrade Task Sequence?

NOTE: Each correct selection is worth one point.

DRAG DROP

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to use Windows Autopilot to provision 25 Windows 11 devices.

You need to meet the following requirements during device provisioning:
• Display the progress of app and profile deployments.
• Join the devices to Azure AD.

What should you configure to meet each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Your company has a Remote Desktop Gateway (RD Gateway).

You have a server named Server1 that is accessible by using Remote Desktop Services (RDS) through the RD Gateway.

You need to configure a Remote Desktop connection to connect through the gateway.

Which setting should you configure?

You have a Microsoft Deployment Toolkit (MDT) deployment share.

You plan to deploy Windows 11 by using the Standard Client Task Sequence template.

You need to modify the task sequence to perform the following actions:
• Format disks to support Unified Extensible Firmware Interface (UEFI).
• Create a recovery partition.

Which phase of the task sequence should you modify?

DRAG DROP

Your network contains an Active Directory domain.

You install the Microsoft Deployment Toolkit (MDT) on a server.

You have a custom image of Windows 11.

You need to deploy the image to 100 devices by using MDT.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have the Microsoft Deployment Toolkit (MDT) installed.

You install and customize Windows 11 on a reference computer.

You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.

Which command should you run before you capture the image?