Term
You have a Microsoft 365 E5 subscription that contains the following groups:
Group1: Security group Group2: Microsoft 365 group Group3: Distribution group The subscription contains devices that are enrolled in Microsoft Intune and have Microsoft 365 apps installed.
You need to configure the Microsoft 365 apps.
What is the maximum number of policies for Microsoft Office apps that you can create? |
|
Definition
|
|
Term
You have a Microsoft 365 subscription that includes 100 Windows 10 devices that are enrolled to Microsoft Intune.
You need to deploy Microsoft 365 Apps for Business to all devices. The solution must ensure that Microsoft Visio is included in the deployment.
What should you do first? |
|
Definition
Create a device configuration from the Microsoft 365 Apps Admin Center. |
|
|
Term
You have a Microsoft 365 subscription that includes 100 Android devices that are enrolled to Microsoft Intune.
You plan to deploy an Android app to all managed Android devices by using Microsoft Intune.
You create a new app deployment and enter the name and details of the app.
What should you do next? |
|
Definition
Enter the AppStore URL for the app. |
|
|
Term
You have a Microsoft 365 subscription.
Users connect to Microsoft 365 services by using their personal iOS and Android devices. The devices are NOT managed by Intune.
You need to prevent Microsoft 365 files being saved locally to non-managed devices.
What should you use? |
|
Definition
|
|
Term
You have a Microsoft 365 subscription that uses Microsoft Intune.
You plan to implement a bring your own device (BYOD) policy to support iOS and Android devices.
You need to ensure that users can access all Microsoft 365 Apps on their devices. The solution must meet the following requirements:
Prevent users copying and pasting information from Microsoft 365 apps to non-Microsoft apps. Private devices must not be enrolled to Microsoft Intune. What should you configure? |
|
Definition
|
|
Term
You have a Microsoft 365 subscription that includes iOS and Android devices that are managed by using Microsoft Intune.
You need to prevent users printing Microsoft Word documents stored in Microsoft 365 from their mobile devices by using an app protection policy.
Which settings should you configure? |
|
Definition
Data Protection
The Data Protection setting has an option to prevent printing of organizational data (set to block, default is allowed).
The Access requirement setting focusses on device access such as pin, biometrics and credentials. The Conditional launch setting focuses on device and OS settings and the Conditional Access policy is about access controls to the data. |
|
|
Term
You have a Microsoft 365 subscription that includes iOS and Android devices that are managed by using Microsoft Intune.
You plan to implement a data protection framework for financial data.
You need to create app protection policies for the framework to protect company data in the event that a device is rooted or jailbroken.
What two actions should the policy perform? Each correct answer presents part of the solution. |
|
Definition
Encrypt organizational data.
Wipe data.
The finance department has access to financial data that poses a uniquely high risk. Any change into devices that become jailbroken or rooted should immediately result in a wipe to ensure no data can be retrieved. All organization data should be encrypted on the device by default. |
|
|
Term
You have a Microsoft 365 subscription that uses Microsoft Intune.
You perform the following actions:
Create two configuration profiles. Create an application deployment. Configure three compliance policies. You need to create a single assignment for the new resources.
What should you use? |
|
Definition
Intune Policy Sets
Intune Policy Sets are used to group objects together within Microsoft Intune including Device Configuration profiles, application deployments, Compliance policies and Assignments.
Device Enrollment Restrictions control how devices are enrolled, but do not group objects and assignments. Configuration Profile Assignments only assign Configuration profiles, not multiple objects and an Autopilot Deployment Profile configures the Autopilot process for Autopilot devices but does not impact object assignment. |
|
|
Term
You have a Microsoft 365 subscription that includes 500 Windows 11 devices that are managed by using Microsoft Intune.
You need to remove stale devices from the subscription. The solution must minimize administrative effort.
What should you do? |
|
Definition
Use the bulk device actions to delete the devices. In order to remove a stale device from the subscription, you need to use the delete action.
Retiring a device means it will remove the data, but it will still be visible in Intune. Configuring a Device Cleanup rule or creating a Compliance policy will not delete a device from the subscription. |
|
|
Term
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You have the following devices enrolled in Intune:
Device1: Windows 11 Device2: Android Device3: iOS You plan to implement Remediations in Intune to detect and fix common support issues.
On which devices can you use Remediations? |
|
Definition
|
|
Term
You have a Microsoft 365 subscription that includes the following devices:
Device1: Windows 10 Home Device2: Windows 11 Professional Device3: Windows 8.1 Enterprise Device4: Android 9.0 You need to identify which devices support Intune configuration policies.
Which devices should you identify? |
|
Definition
Device1, Device2, Device3, and Device4
Device1, Device2, Device3 and Device4 can all be managed using Microsoft Intune. The minimum Windows version is Windows 8.1, the minimum Windows edition is Home and the minimum Android version is 8.0. |
|
|
Term
You have an Azure subscription and on-premises devices.
You plan to monitor the devices by using Azure Monitor.
What should you deploy? |
|
Definition
a Log Analytics workspace
If you want to monitor devices by using Azure Monitor, you must collect log and performance data from the devices. Azure Monitor collects data to a Log Analytics workspace. |
|
|
Term
You have an Azure subscription that contains the following device types:
Windows 11 iPadOS macOS You plan to use Azure Monitor to monitor supported devices.
Which device types can be monitored by using Azure Monitor? |
|
Definition
Windows 11 only
If you want to monitor devices by using Azure Monitor, you must install an agent (Log Analytics agent or Azure Monitor Agent) on the devices. The agent is available only for Windows and Linux devices. As such, you can monitor only Windows 11 devices by using Azure Monitor. |
|
|
Term
You have a Microsoft 365 subscription that includes the following devices registered in Intune:
Device1, personally managed, Android Device2, Company owned, Android Device3, Company owned, Android Enterprise with Work Profile You manually install a non-managed app named App1 on all the devices.
You need to monitor the deployment of App1 by using Intune.
Which devices will report the version and status of App1? |
|
Definition
Device2 only
Device2 only is correct. App1 on Device2 can be monitored as the device is corporate owned and fully managed.
App1 on Device1 cannot be monitored as the app is a non-managed app and installed on a personal device, nor can App1 be monitored on Device3 as the app is a non-managed app and therefore not within the work profile. |
|
|
Term
You have a Microsoft 365 E3 subscription that includes 500 Windows 11 devices that are managed by using Microsoft Intune.
Several users report a slow start up experience for their devices.
You need to measure the startup performance of their devices by using Endpoint Analytics. The solution must minimize administrative effort.
What should you do? |
|
Definition
Create a Device Configuration Profile.
You can use the Device Configuration Profile to send details about start-up time.
Installing Azure Monitor Agent on all devices would result in the data needed, but it would require additional storage, and incur a higher cost, to store all this information. The remaining options would not allow you to measure the startup performance of the devices using Endpoint Analytics. |
|
|
Term
You have a Microsoft 365 subscription that includes 500 Windows 11 devices that are managed by using Microsoft Intune.
The subscription includes a monitoring solution that uses Azure Monitor and collects Microsoft Entra ID sign-in logs.
You need to ensure that the details for non-compliant devices are sent to Azure Monitor.
Which two logs should you configure? Each correct answer presents part of the solution. |
|
Definition
Device Compliance Organization logs, Operation logs Only the Operation logs and Device Compliance Organization logs show details on non-compliant devices.
The IntuneDevices and Audit log do not include these details. Without these details you cannot query in Azure Monitor on the results. |
|
|
Term
You have an Azure subscription that includes a virtual machine named VM1 that runs Windows 11 and is enrolled in Microsoft Intune.
VM1 hosts a legacy app named App1. App1 writes events to the event logs on VM1.
You need to ensure that any events created by App1 are sent to Azure Monitor. The solution must minimize administrative effort.
What should you do first? |
|
Definition
Install the Azure Monitor Agent.
You should first install the Azure Monitor Agent. You can define and configure the Data Collection Rule after the installation.
You do not need to install a virtual machine extension or enable Azure VM Insights. |
|
|
Term
You have an Azure subscription that includes a virtual machine named VM1 that runs Windows 11 and is enrolled in Microsoft Intune.
VM1 hosts a legacy app named App1. App1 writes events to the event logs on VM1.
You need to create a Data Collection rule that will gather all critical and error events for a specific application to be sent to Azure Monitor.
Which query should you use to retrieve the events? |
|
Definition
Application!*[System[(Level = 1 or Level = 2)]] |
|
|
Term
You have a Microsoft 365 E5 subscription that contains devices that run Windows 11.
All the devices are enrolled in Microsoft Intune.
You need to ensure that the devices use Delivery Optimization when installing Windows updates.
What should you configure in Intune? |
|
Definition
device configuration profile
Delivery Optimization reduces bandwidth consumption when devices download applications and updates. You can configure Delivery Optimization by using a device configuration profile and selecting the Delivery Optimization template. |
|
|
Term
You have a Microsoft 365 subscription that includes 100 Windows devices that are enrolled in Microsoft Intune.
You need to ensure that a group of test devices are updated to Windows 10 version 21H2. The solution must ensure that the test devices do NOT receive feature updates for at least two years.
What should you configure? |
|
Definition
Feature Update policy
A Feature Update policy will update devices to a specific version and new updates will not be installed until the policy is modified or removed.
An Update Ring will configure the specific Ring for a device and the maximum deferral for feature updates is 365 days. A Compliance policy does not influence how and when devices install updates and updates are not configured by Configuration profiles. |
|
|
Term
You have a Microsoft 365 subscription that includes 500 Windows 10 Enterprise 20H2 devices that are managed by using Microsoft Intune.
You need to update the devices to Windows 11. The solution must ensure that users can postpone the update for a maximum of two weeks.
What should you configure first? |
|
Definition
Update ring policy
An Update ring policy allows you to update to Windows 11.
Though the Feature update policy does allow that as well, only an Update Ring allows you to postpone updates. Quality update profiles and Device configuration profiles do not allow you to update the devices to Windows 11. |
|
|
Term
You have a Microsoft 365 subscription that includes 500 Windows 10 Enterprise 20H2 devices that are managed by using Microsoft Intune.
You plan to update the devices to Windows 11.
You need to identify the devices that do NOT meet the requirements for Windows 11.
What report should you review? |
|
Definition
Windows feature update device readiness report
The Windows feature update device readiness report shows devices with their readiness status.
The Windows feature update compatibility risks reports shows this for each application or driver, but it does not display this information per device. The All devices report and the Device Compliance report do not display this information. |
|
|
Term
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
The following devices have Microsoft 365 apps installed and are enrolled in Intune:
Device1: Windows 11 Device2: Android Device3: iOS You plan to use a Microsoft 365 Apps for enterprise security baseline named Baseline1.
To which devices can you apply Baseline1?
Select only one answer.
Device1 and Device2 only
Device1 and Device3 only
Device1, Device2 and Device3
Device1 only |
|
Definition
Device1 only
The Microsoft 365 Apps for enterprise security baseline can be applied only to Windows 10 and later. When you are creating a profile by using a Microsoft 365 Apps for enterprise security baseline, the platform is set to Windows 10 and later, cannot be changed. |
|
|
Term
You have a Microsoft 365 E5 subscription that includes 500 Windows 11 devices that are managed by using Microsoft Intune.
You need to apply granular security controls to the Microsoft Edge configuration on each device. The solution must minimize administrative efforts.
What should you configure?
Select only one answer.
a Compliance policy
a Security Baseline
Attack surface reduction
Endpoint detection and response |
|
Definition
a Security Baseline
You need to configure a Security Baseline in order to apply the security controls to the Microsoft Edge configuration of each device.
Configuring a Compliance policy, Endpoint detection and response, or Attack surface reduction does not allow you to apply the required controls while minimizing administrative efforts. |
|
|
Term
You have a Microsoft 365 subscription that includes 500 Windows 11 Enterprise devices that are managed by using Microsoft Intune and Endpoint Security.
You need to ensure that users are automatically added to the local RDP users group. The solution must follow the principle of least privilege.
What should you configure?
Select only one answer.
a Dynamic Group This answer is incorrect.
Account protection This answer is correct.
Device Compliance
Endpoint detection and response |
|
Definition
Account protection
With the Account Protection option, you can easily assign a Microsoft Entra ID group (or user) to be part of the local device group with RDP users. |
|
|