Practice Free MD-102 Exam Online Questions
You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft Office 2019 installed.
You have the Windows 11 Enterprise images shown in the following table.
Which images can be used to perform an in-place upgrade of Device1?
- A . Image1 only
- B . Image2 only
- C . Image1 and Image2
B
Explanation:
How to Perform an In-Place Upgrade on Windows 11.
To perform an in- place upgrade, you need to do two things. Firstly, you need to download the latest Windows 11 ISO file. Then, you need to run the setup from the ISO file, pick the appropriate in-place upgrade option, and proceed.
HOTSPOT
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to configure an update ring that meets the following requirements:
Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically seven days after that date.
The installation of new Windows features can be deferred for 90 days but will install automatically 10 days after that date.
Devices must restart automatically three days after an update is installed.
How should you configure the update ring? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: 90
Feature update deferral period
The installation of new Windows features can be deferred for *90 days* but will install automatically 10 days after that date.
Box 2: 14
Quality update deferral period
Fixes and improvements to existing Windows functionality can be deferred for *14 days* but will install automatically seven days after that date.
Box 3: 10
Deadline for feature updates
The installation of new Windows features can be deferred for 90 days but will install automatically *10 days* after that date.
Note: Use deadline settings
Deadline for quality updates
Default: Not configured
Windows Update CSP: Update/ConfigureDeadlineForQualityUpdates
Specifies the number of days a user has before quality updates are installed on their devices automatically (2-30).
Box 4: 7
Grace period
Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically *seven days* after that date.
Note: Grace period
Default: Not configured Windows Update CSP: Update/ConfigureDeadlineGracePeriod
Specifies a minimum number of days after deadline until restarts occur automatically (0-7).
Reference: https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings
HOTSPOT
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to configure an update ring that meets the following requirements:
Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically seven days after that date.
The installation of new Windows features can be deferred for 90 days but will install automatically 10 days after that date.
Devices must restart automatically three days after an update is installed.
How should you configure the update ring? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: 90
Feature update deferral period
The installation of new Windows features can be deferred for *90 days* but will install automatically 10 days after that date.
Box 2: 14
Quality update deferral period
Fixes and improvements to existing Windows functionality can be deferred for *14 days* but will install automatically seven days after that date.
Box 3: 10
Deadline for feature updates
The installation of new Windows features can be deferred for 90 days but will install automatically *10 days* after that date.
Note: Use deadline settings
Deadline for quality updates
Default: Not configured
Windows Update CSP: Update/ConfigureDeadlineForQualityUpdates
Specifies the number of days a user has before quality updates are installed on their devices automatically (2-30).
Box 4: 7
Grace period
Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically *seven days* after that date.
Note: Grace period
Default: Not configured Windows Update CSP: Update/ConfigureDeadlineGracePeriod
Specifies a minimum number of days after deadline until restarts occur automatically (0-7).
Reference: https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings
DRAG DROP
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a PowerShell discovery script and a JSON file
Discovery script – A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Intune admin center before you create a compliance policy and then select the script you want to use when creating a policy.
JSON file – The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting.
Step 2: Upload the PowerShell script to Intune.
Step 3: Create and assign a custom compliancy policy.
Use compliance policies to set rules for devices you manage with Intune.
Create a policy with custom compliance settings
Before you begin to create a policy that will include custom settings, review the prerequisites.
You must first upload an applicable discovery script to Intune, and have a ready JSON to add while creating the policy
Step 4: Review the compliance dashboard for results.
Monitor results of your Intune Device compliance policies
Open the compliance dashboard
DRAG DROP
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a PowerShell discovery script and a JSON file
Discovery script – A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Intune admin center before you create a compliance policy and then select the script you want to use when creating a policy.
JSON file – The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting.
Step 2: Upload the PowerShell script to Intune.
Step 3: Create and assign a custom compliancy policy.
Use compliance policies to set rules for devices you manage with Intune.
Create a policy with custom compliance settings
Before you begin to create a policy that will include custom settings, review the prerequisites.
You must first upload an applicable discovery script to Intune, and have a ready JSON to add while creating the policy
Step 4: Review the compliance dashboard for results.
Monitor results of your Intune Device compliance policies
Open the compliance dashboard
DRAG DROP
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a PowerShell discovery script and a JSON file
Discovery script – A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Intune admin center before you create a compliance policy and then select the script you want to use when creating a policy.
JSON file – The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting.
Step 2: Upload the PowerShell script to Intune.
Step 3: Create and assign a custom compliancy policy.
Use compliance policies to set rules for devices you manage with Intune.
Create a policy with custom compliance settings
Before you begin to create a policy that will include custom settings, review the prerequisites.
You must first upload an applicable discovery script to Intune, and have a ready JSON to add while creating the policy
Step 4: Review the compliance dashboard for results.
Monitor results of your Intune Device compliance policies
Open the compliance dashboard
DRAG DROP
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a PowerShell discovery script and a JSON file
Discovery script – A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Intune admin center before you create a compliance policy and then select the script you want to use when creating a policy.
JSON file – The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting.
Step 2: Upload the PowerShell script to Intune.
Step 3: Create and assign a custom compliancy policy.
Use compliance policies to set rules for devices you manage with Intune.
Create a policy with custom compliance settings
Before you begin to create a policy that will include custom settings, review the prerequisites.
You must first upload an applicable discovery script to Intune, and have a ready JSON to add while creating the policy
Step 4: Review the compliance dashboard for results.
Monitor results of your Intune Device compliance policies
Open the compliance dashboard
DRAG DROP
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a PowerShell discovery script and a JSON file
Discovery script – A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Intune admin center before you create a compliance policy and then select the script you want to use when creating a policy.
JSON file – The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting.
Step 2: Upload the PowerShell script to Intune.
Step 3: Create and assign a custom compliancy policy.
Use compliance policies to set rules for devices you manage with Intune.
Create a policy with custom compliance settings
Before you begin to create a policy that will include custom settings, review the prerequisites.
You must first upload an applicable discovery script to Intune, and have a ready JSON to add while creating the policy
Step 4: Review the compliance dashboard for results.
Monitor results of your Intune Device compliance policies
Open the compliance dashboard
Your company implements Microsoft Entra ID, Microsoft 365, Microsoft Intune.
The company’s security policy states the following:
Personal devices do not need to be enrolled in Intune.
Users must authenticate by using a PIN before they can access corporate email data.
Users can use their personal iOS and Android devices to access corporate cloud services.
Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy.
What should you create?
E. a device configuration profile from the Microsoft Intune admin center
F. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal
G. an insider risk management policy from the Microsoft Purview compliance portal
H. an app protection policy from the Microsoft Intune admin center
Explanation:
By implementing app-level policies, you can restrict access to company resources and keep data within the purview of your IT department.
Note: The important benefits of using App protection policies are the following:
Protecting your company data at the app level. Because mobile app management doesn’t require device management, you can protect company data on both managed and unmanaged devices. The management is centered on the user identity, which removes the requirement for device management.
End-user productivity isn’t affected and policies don’t apply when using the app in a personal context. The policies are applied only in a work context, which gives you the ability to protect company data without touching personal data.
App protection policies makes sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
MDM, in addition to MAM, makes sure that the device is protected. For example, you can require a PIN to access the device, or you can deploy managed apps to the device. You can also deploy apps to devices through your MDM solution, to give you more control over app management.
Reference: https://docs.microsoft.com/en-us/intune/app-protection-policy
Your company implements Microsoft Entra ID, Microsoft 365, Microsoft Intune.
The company’s security policy states the following:
Personal devices do not need to be enrolled in Intune.
Users must authenticate by using a PIN before they can access corporate email data.
Users can use their personal iOS and Android devices to access corporate cloud services.
Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy.
What should you create?
E. a device configuration profile from the Microsoft Intune admin center
F. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal
G. an insider risk management policy from the Microsoft Purview compliance portal
H. an app protection policy from the Microsoft Intune admin center
Explanation:
By implementing app-level policies, you can restrict access to company resources and keep data within the purview of your IT department.
Note: The important benefits of using App protection policies are the following:
Protecting your company data at the app level. Because mobile app management doesn’t require device management, you can protect company data on both managed and unmanaged devices. The management is centered on the user identity, which removes the requirement for device management.
End-user productivity isn’t affected and policies don’t apply when using the app in a personal context. The policies are applied only in a work context, which gives you the ability to protect company data without touching personal data.
App protection policies makes sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
MDM, in addition to MAM, makes sure that the device is protected. For example, you can require a PIN to access the device, or you can deploy managed apps to the device. You can also deploy apps to devices through your MDM solution, to give you more control over app management.
Reference: https://docs.microsoft.com/en-us/intune/app-protection-policy