- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You have the devices shown in the following table.
You have a Conditional Access policy named CAPolicy1 that has the following settings: 
Assignments
- Users or workload identities: Group1
- 
Cloud apps or actions: All cloud apps Conditions
- Device platforms: include: Windows, Android
- Grant access controls: Require multi-factor authentication
You have a Conditional Access named CAPolicy2 that has the following settings: Assignments
- Users or workload identities: Group2
- Cloud apps or actions: All cloud apps Conditions
- Device platforms: Android
- Access controls: Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
A screenshot of a computer Description automatically generated with medium confidence
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft 365 subscription.
You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table.
You need to configure device enrollment to meet the following requirements: Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager. Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment.
Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Your network contains an Active Directory domain. The domain contains computers that are managed by using Microsoft Endpoint Configuration Manager.
You plan to integrate Configuration Manager and Azure as part of a Desktop Analytics implementation.
You create a new organizational unit (OU) and place several test computers that run Windows 10 into the OU. You need to collect diagnostic data from the test computers to Desktop Analytics.
• App usage and insights data
• Health monitoring data
• Deployment status data
The solution must minimize the data collected.
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, application, table Description automatically generated with medium confidence
Reference:
https://docs.microsoft.com/en-us/enterprise-threat-detection/collector/collector-client-configuration-windows-10 https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/enable-data-sharing
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have 200 computers that run Windows 10.
You need to create a provisioning package to configure the following tasks: 
Remove the Microsoft News and the Xbox Microsoft Store apps. Add a VPN connection to the corporate network.
Which two customizations should you configure? To answer, select the appropriate customizations in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Connectivityprofiles Policies
References:
https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-connectivityprofiles https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#appl https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-policies
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Your company implements Microsoft Azure Active Directory (Azure AD), Microsoft 365, Microsoft Intune, and Azure Information Protection.
The company’s security policy states the following: Personal devices do not need to be enrolled in Intune. Users must authenticate by using a PIN before they can access corporate email data. Users can use their personal iOS and Android devices to access corporate cloud services. Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy. What should you create?
Correct Answer:
C
References:
https://docs.microsoft.com/en-us/intune/app-protection-policy
