- (Exam Topic 3)
User1 and User2 plan to use Sync your settings.
On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application, email Description automatically generated
Reference:
https://www.jeffgilb.com/managing-local-administrators-with-azure-ad-and-intune/
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription.
You create an app protection policy for Android devices named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Install the Intune Company Portal app on the device
On Android, Android devices will prompt to install the Intune Company Portal app regardless of which Device type is chosen.
Bix 2: Devices only
For Android devices, unmanaged devices are devices where Intune MDM management has not been detected. This includes devices managed by third-party MDM vendors.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies#app-protection-policies-for-iosipado
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Your on-premises network contains an Active Directory domain named contoso.com. You perform the following actions:
Purchase a new Microsoft 365 subscription.
Create a new user named User1.
Assign User1 the Security Administrator role.
You need to ensure that User1 can enable Conditional Access policies. What should User1 do first?
Correct Answer:
C
Microsoft provides security defaults that ensure a basic level of security enabled in tenants that don't have Azure AD Premium. With Conditional Access, you can create policies that provide the same protection as security defaults, but with granularity. Conditional Access and security defaults aren't meant to be combined as creating Conditional Access policies will prevent you from enabling security defaults.
Incorrect: Not B:
Not required. Gobal administrator, security administrator, or Conditional Access administrator is enough. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.
Solution: From the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Device Management admin center, you create and assign a device restrictions profile.
Does this meet the goal?
Correct Answer:
B
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for Business enrollment options.
References:
https://docs.microsoft.com/en-us/intune/protect/windows-hello