because it needs to detect the software a device is running
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.
Does this meet the goal?
a
You use a Microsoft Intune subscription to manage iOS devices.
You configure a device compliance policy that blocks jailbroken iOS devices.
You need to enable Enhanced jailbreak detection.
What should you configure?
b
because it needs to detect the software a device is running
Go to Home>Devices>Compliance Policies>Compliance Policy Settings
HOTSPOT All users have Microsoft 365 apps deployed.
You need to configure Microsoft 365 apps to meet the following requirements:
Enable the automatic installation of WebView2 Runtime.
Prevent users from submitting feedback.
Which two settings should you configure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Device Configuration and Policy Management
DC & PManagement
Device configuration,
policy management
Device configuration and Policy Management
You have a Microsoft 365 subscription that contains 500 Android Enterprise devices.
All the devices are enrolled in Microsoft Intune.
You need to deliver bookmarks to the Chrome browser on the devices.
What should you create?
c
HOTSPOT
You have a Microsoft Intune subscription that has the following device compliance policy settings:
Mark devices with no compliance policy assigned as: Compliant
Compliance status validity period (days): 14
On January1, you enroll Windows 10 devices in Intune as shown in the following table.
On January 4, you create the following two device compliance policies:
Name: Policy1
Platform: Windows 10 and later
Require BitLocker: Require
Mark device noncompliant: 5 days after noncompliance
Scope (Tags): Tag1
Name: Policy2
Platform: Windows 10 and later
Firewall: Require
Mark device noncompliant: Immediately
Scope (Tags): Tag2
On January 5, you assign Policy1 and Policy2 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
YES
NO
NO
HOTSPOT
Case study
Overview ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.
Environment
Network Environment The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
ADatum has a hybrid Azure AD tenant named adatum.com.
Users and Groups The adatum.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices ADatum has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Intune Configuration Microsoft Intune has the compliance policies shown in the following table.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
Included groups: Group2, GroupB
Windows Autopilot Configuration ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Windows Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary configuration profile that will have the following settings:
Name: Boundary1 Network boundary: 192.168.1.0/24
Scope tags: Tag1 Assignments:
Included groups: Group1, Group2 Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
Name: Connection1
Connection name: VPN1
Connection type: L2TP Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: -
Name: Connection2
Connection name: VPN2
Connection type: IKEv2 Assignments:
Included groups: GroupA
Excluded groups: GroupB
Technical Requirements ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Case study
Overview ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.
Environment
Network Environment The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
ADatum has a hybrid Azure AD tenant named adatum.com.
Users and Groups The adatum.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices ADatum has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Intune Configuration Microsoft Intune has the compliance policies shown in the following table.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
Included groups: Group2, GroupB
Windows Autopilot Configuration ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Windows Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary configuration profile that will have the following settings:
Name: Boundary1 Network boundary: 192.168.1.0/24
Scope tags: Tag1 Assignments:
Included groups: Group1, Group2 Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
Name: Connection1
Connection name: VPN1
Connection type: L2TP Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: -
Name: Connection2
Connection name: VPN2
Connection type: IKEv2 Assignments:
Included groups: GroupA
Excluded groups: GroupB
Technical Requirements ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?
b
You are replacing 100 company-owned Windows devices.
You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following requirements:
Back up the user state.
Minimize administrative effort.
Which task sequence template should you use?
b
Standard Client Task Sequence vs. Standard Client Replace Task Sequence (From Microsoft)
Standard Client task sequence: The most frequently used task sequence. Used for creating reference images and for deploying clients in production.
Standard Client Replace task sequence: Used to run User State Migration Tool (USMT) backup and the optional full Windows Imaging (WIM) backup action. Can also be used to do a secure wipe of a machine that is going to be decommissioned.
MDT questions are no longer on the test
DRAG DROP You have 100 computers that run Windows 10.
You plan to deploy Windows 11 to the computers by performing a wipe and load installation.
You need to recommend a method to retain the user settings and the user data.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
1. Run scanstate.exe
2.Run loadstate.exe
3. Deploy Windows11.
Run scanstate.exe
Deploy Windows 11
Run loadstate.exe
Run scanstate.exe, Deploy Windows 11 & Run Loadstate.exe
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to use Intune to deploy an application named App1 that contains multiple installation files.
What should you do first?
c
From Microsoft Learn: Before you can configure, assign, protect, or monitor apps, you must add them to Microsoft Intune.
The answer is C
yes it is sufficient
It is answer A
A. Yes is correct
Minimum Pin Length
Through windows hello we can set the config PIN in required limit
This is enough