MD-101 Online Practice Questions and Answers

Your company has an Active Directory domain, named weylandindustries.com. the domain is synced to Microsoft Azure Active Directory (Azure AD) and all company computers have been enrolled in Microsoft Intune.

You are preparing to perform a Wipe action on certain company devices.

Which of the following operating systems support the Wipe action? (Choose all that apply.)

A. Windows Vista

B. Windows 8.1

C. Windows 10

D. iOS

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Reference: https://docs.microsoft.com/en-us/windows-insider/business/manage-builds

Your company has a hybrid configuration of Microsoft Azure Active Directory (Azure AD). Your company also has a Microsoft 365 subscription.

After creating a conditional access policy for Microsoft Exchange Online, you are tasked with configuring the policy to block access to Exchange Online. However, the policy should allow access for hybrid Azure AD-joined devices

Solution: You should configure the Device platforms settings.

Does the solution meet the goal?

A. Yes

B. No

Your company has a Microsoft 365 subscription.

You have enrolled all the company computers in Microsoft Intune.

You have been tasked with making sure that devices with a high Windows Defender Advanced Threat Protection (Windows Defender ATP) risk score are locked.

Which of the following actions should you take?

A. You should create a device configuration profile.

B. You should create a device compliance policy.

C. You should create a Windows AutoPilot deployment profile.

D. You should create a conditional access policy.

You manage a large number of Windows 10 computers.

You have been tasked with creating a provisioning package that will allow you to remove the Microsoft News and the Xbox Microsoft Store apps, as well as add a VPN connection to the company network.

Which of the following are the customization settings you should configure?

A. Connections and Personalization

B. ConnectivityProfiles and Policies

C. Connections and Policies

D. ConnectivityProfiles and Personalization

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes Microsoft Intune, for which all users are licensed.

You have been tasked with making sure that users enroll their iOS device in Intune.

Which of the following actions should you take? (Choose all that apply.)

A. Obtain a Device Enrollment Program (DEP) token from Apple.

B. Make use of Google Zero Touch.

C. Create Device enrollment manager (DEM) account.

D. Make use a QR code.

You have a Microsoft 365 tenant that contains the devices shown in the following table.

The devices are managed by using Microsoft Intune.

You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.

You discover that devices that are not members of Group1 are shown as Compliant.

You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.

What should you do?

A. From Endpoint security, configure the Conditional access settings.

B. From Device compliance, configure the Compliance policy settings.

C. From Policy1, modify the actions for noncompliance.

D. From Tenant administration, modify the Diagnostic settings.

You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.

User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.

You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:

1.

Assignments

2.

Users or workload identities: User1

3.

Cloud apps or actions: Office 365 Exchange Online

4.

Access controls

5.

Grant: Block access

You need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.

Solution: You add a condition that specifies device platforms.

Does this meet the goal?

A. Yes

B. No

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 500 laptops that run Windows 8.1 Professional. The users of the laptops work from home.

Your company uses Microsoft Intune, the Microsoft Deployment Toolkit (MDT), and Windows Configuration Designer to manage client computers.

The company purchases 500 licenses for Windows 10 Enterprise.

You verify that the hardware and applications on the laptops are compatible with Windows 10.

The users will bring their laptop to the office, where the IT department will deploy Windows 10 to the laptops while the users wait.

You need to recommend a deployment method for the laptops that will retain their installed applications. The solution must minimize how long it takes to perform the deployment.

What should you include in the recommendation?

A. an in-place upgrade

B. a clean installation by using a Windows Configuration Designer provisioning package

C. Windows AutoPilot

D. a clean installation and the User State Migration Tool (USMT)

You have 100 devices that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You need to prevent users from joining their home computer to Azure AD.

What should you do?

A. From the Device enrollment blade in the Intune admin center, modify the Enrollment restriction settings.

B. From the Devices blade in the Azure Active Directory admin center, modify the Device settings.

C. From the Device enrollment blade in the Intune admin center, modify the Device enrollment manages settings.

D. From the Mobility (MDM and MAM) blade in the Azure Active Directory admin center, modify the Microsoft Intune enrollment settings.

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains computers that run Windows 10. The computers are enrolled in Microsoft Intune and Windows Analytics.

Your company protects documents by using Windows Information Protection (WIP).

You need to identify non-approved apps that attempt to open corporate documents.

What should you use?

A. the Device Health solution in Windows Analytics

B. Microsoft Cloud App Security

C. Intune Data Warehouse

D. the App protection status report in Intune

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.

You need to ensure that only applications that you explicitly allow can run on the computers.

What should you use?

A. Windows Defender Credential Guard

B. Windows Defender Exploit Guard

C. Windows Defender Application Guard

D. Windows Defender Application Control

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.

Solution: From the Azure Active Directory admin center, you modify the User settings and the Device settings.

Does this meet the goal?

A. Yes

B. No

You have an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant contains Windows 10 devices that are enrolled in Microsoft Intune.

You create an Azure Log Analytics workspace and add the Device Health Solution to the workspace.

You need to create a custom device configuration profile that will enroll the Windows 10 devices in Device Health.

Which OMA-URI should you add to the profile?

A. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push

B. ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID

C. ./Vendor/MSFT/DMClient/Provider/MS DM Server/ManagementServerAddressList

D. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push/ChannelURI

HOTSPOT

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD). The domain contains computers that run Windows 10. The computers are configured as shown in the following table.

All the computers are enrolled in Microsoft Intune.

You configure the following Maintenance Scheduler settings in the Default Domain Policy:

1.

Turn off auto-restart for updates during active hours: Enabled

2.

Active hours start: 08:00

3.

Active hours end: 22:00

In Intune, you create a device configuration profile named Profile1 that has the following OMA-URI settings:

1.

./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP set to value 1

2.

./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursStart set to value 9

3.

./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursEnd set to value 21

You assign Profile to Group1.

How are the active hours configured on Computer1 and Computer2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 subscription.

You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table.

You need to configure device enrollment to meet the following requirements:

1.

Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager.

2.

Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment.

Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area: