Practice Free MD-102 Exam Online Questions
You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to onboard the devices to Microsoft Defender for Endpoint.
What should you create in the Microsoft Intune admin center?
- A . an attack surface reduction (ASR) policy
- B . a security baseline
- C . an endpoint detection and response (EDR) policy
- D . an account protection policy
- E . an antivirus policy
C
Explanation:
Onboard Windows devices to Defender for Endpoint using Intune Enable Microsoft Defender for Endpoint in Intune
The first step you take is to set up the service-to-service connection between Intune and Microsoft Defender for Endpoint. Set up requires administrative access to both the Microsoft Defender Security Center, and to Intune.
Onboard Windows devices
(After you connect Intune and Microsoft Defender for Endpoint, Intune receives an onboarding configuration package from Microsoft Defender for Endpoint. You use a device configuration profile for Microsoft Defender for Endpoint to deploy the package to your Windows devices.
The configuration package configures devices to communicate with Microsoft Defender for Endpoint services to scan files and detect threats. The device also reports its risk level to Microsoft Defender for Endpoint based on your compliance policies.
After onboarding a device using the configuration package, you don’t need to do it again.)
You can also onboard devices using:
*-> Endpoint detection and response (EDR) policy. Intune EDR policy is part of endpoint security in Intune. Use EDR policies to configure device security without the overhead of the larger body of settings found in device configuration profiles. You can also use EDR policy with tenant attached devices, which are devices you manage with Configuration Manager.
Reference: https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure#enable-microsoft-defender-for-endpoint-in-intune
a device configuration profile based on the Device restrictions template
Explanation:
Manage iOS/iPadOS software update policies in Intune, delay visibility of software updates.
When you use update policies for iOS, you might have need to delay visibility of an iOS software update.
Reasons to delay visibility include:
Prevent users from updating the OS manually
To deploy an older update while preventing users from installing a more recent one
To delay visibility, deploy a device restriction template that configures the following settings:
Defer software updates = Yes
This doesn’t affect any scheduled updates. It represents days before software updates are visible to end users after release.
Delay default visibility of software updates = 1 to 90
90 days is the maximum delay that Apple supports.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/software-updates-ios
You have computers that run Windows 11 Pro. The computers are joined to Microsoft Entra and enrolled in Microsoft Intune.
You need to upgrade the computers to Windows 11 Enterprise.
What should you configure in Intune?
- A . a device compliance policy
- B . a device cleanup rule
- C . a device enrollment policy
- D . a device configuration profile
D
Explanation:
Intune: Upgrade Windows Pro to Enterprise.
1)First, create a Microsoft Intune configuration policy. In the Azure Portal navigate to Microsoft Intune -> Device Configuration -> Profiles. Click Create Profile.
2)Next, create a new Windows 10 and later profile, with a type of Edition Upgrade. Click Settings
3)Etc.
Reference: https://blogs.technet.microsoft.com/skypehybridguy/2018/09/21/intune-upgrade-windows-from-pro-to-
enterprise-automatically/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Entra tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you configure the Authentication methods. Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Endpoint Management admin center, you configure the Windows Hello for Business enrollment options.
Reference: https://docs.microsoft.com/en-us/intune/protect/windows-hello
You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune.
You need to review the servicing status of a computer.
What should you do?
E. From Device configuration C Profiles, view the device status.
F. From Software updates, view the Per update ring deployment state.
G. From Software updates, view the audit logs.
H. From Device compliance, view the device compliance.
Explanation:
Reports for Update rings for Windows 10 and later policy.
Intune offers integrated report views for the Windows update ring policies you deploy. These views display details about the update ring deployment and status:
D. Sign in to Microsoft Endpoint Manager admin center.
E. Select Devices > Monitor. Then under Software updates select Per update ring deployment state and choose the deployment ring to review.
Note: Windows 10 and later update rings C Use a built-in report that’s ready by default when you deploy update rings to your devices.
Reference: https://docs.microsoft.com/en-us/intune/windows-update-compliance-reports
You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune.
You need to review the servicing status of a computer.
What should you do?
E. From Device configuration C Profiles, view the device status.
F. From Software updates, view the Per update ring deployment state.
G. From Software updates, view the audit logs.
H. From Device compliance, view the device compliance.
Explanation:
Reports for Update rings for Windows 10 and later policy.
Intune offers integrated report views for the Windows update ring policies you deploy. These views display details about the update ring deployment and status:
D. Sign in to Microsoft Endpoint Manager admin center.
E. Select Devices > Monitor. Then under Software updates select Per update ring deployment state and choose the deployment ring to review.
Note: Windows 10 and later update rings C Use a built-in report that’s ready by default when you deploy update rings to your devices.
Reference: https://docs.microsoft.com/en-us/intune/windows-update-compliance-reports
You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk.
You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com.
What should you do?
– Assign the Cloud Device Administrator role to Contoso Help Desk.
– Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.
– Configure the Enterprise State Roaming settings.
– Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.
Explanation:
The Microsoft Entra Joined Device Local Administrator role allows members of a group to be automatically added to the local Administrators group on Windows devices that are joined to the Microsoft Entra tenant. By assigning this role to the Contoso Help Desk group, you ensure that members of this group are granted local administrator privileges on all devices joined to contoso.com.
You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk.
You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com.
What should you do?
– Assign the Cloud Device Administrator role to Contoso Help Desk.
– Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.
– Configure the Enterprise State Roaming settings.
– Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.
Explanation:
The Microsoft Entra Joined Device Local Administrator role allows members of a group to be automatically added to the local Administrators group on Windows devices that are joined to the Microsoft Entra tenant. By assigning this role to the Contoso Help Desk group, you ensure that members of this group are granted local administrator privileges on all devices joined to contoso.com.
You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk.
You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com.
What should you do?
– Assign the Cloud Device Administrator role to Contoso Help Desk.
– Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.
– Configure the Enterprise State Roaming settings.
– Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.
Explanation:
The Microsoft Entra Joined Device Local Administrator role allows members of a group to be automatically added to the local Administrators group on Windows devices that are joined to the Microsoft Entra tenant. By assigning this role to the Contoso Help Desk group, you ensure that members of this group are granted local administrator privileges on all devices joined to contoso.com.
You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk.
You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com.
What should you do?
– Assign the Cloud Device Administrator role to Contoso Help Desk.
– Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.
– Configure the Enterprise State Roaming settings.
– Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.
Explanation:
The Microsoft Entra Joined Device Local Administrator role allows members of a group to be automatically added to the local Administrators group on Windows devices that are joined to the Microsoft Entra tenant. By assigning this role to the Contoso Help Desk group, you ensure that members of this group are granted local administrator privileges on all devices joined to contoso.com.