MD-102 Endpoint Administrator Question and Answers

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.

To what should you grant the right to create the computer objects?

Which users can purchase and assign App1?

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Which user can enroll Device6 in Intune?

You have the devices shown in the following table.

You plan to implement Microsoft Defender for Endpoint.

You need to identify which devices can be onboarded to Microsoft Defender for Endpoint.

What should you identify?

You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 11.

You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 11 Enterprise to new computers. The computers have a single hard disk.

You need to modify the task sequence to create a system volume and a data volume.

Which phase should you modify in the task sequence?

You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft Office 2019 installed. You have the Windows 11 Enterprise images shown in the following table.

Which images can be used to perform an in-place upgrade of Device1?

You use Microsoft Defender for Endpoint to protect computers that run Windows 10.

You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline.

Which tool should you use?

-

You have a Microsoft 365 subscription. The subscription contains 1,000 computers that run Windows 11 and are enrolled in Microsoft Intune.

You plan to create a compliance policy that has the following options enabled:

• Require Secure Boot to be enabled on the device.

• Require the device to be at or under the machine risk score.

Which two Compliance settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.

Solution: From the Microsoft Entra admin center, you configure the Authentication methods.

Does this meet the goal?

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender Antivirus on the computers.

You need to prevent users from disabling Microsoft Defender Antivirus,

What should you do?

Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.

Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.

Does this meet the goal?

You have a Microsoft 365 E5 tenant that contains Windows devices enrolled in Microsoft Intune as shown in the following table.

You create an Endpoint Privilege Management (EPM) elevation settings policy named ElevationSettmgsl that has the following settings:

• Endpoint Privilege Management: Enabled

o Default elevation response: Require user confirmation

o Validation: Business justification

• Assignments: Group1 Each device contains a file named File1.exe that can be run only by an administrator. You create an EPM elevation rules policy named ElevattonRules1 that has the following settings:

• Rule name: Rule1

o Elevation type: Automatic

o File name: Filel.exe

o File hash:

• Assignments: Group2

For each of the following statements, select Yes if the statement is true. Otherwise, select

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription.

You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table.

You need to configure device enrollment to meet the following requirements:

Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager.

Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment.

Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.

You create a policy set named Set1 as shown in the exhibit. (Click the Exhibit tab.)

You enroll devices in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have groups that use the Dynamic Device membership type as shown in the following table.

You are deploying Microsoft 365 apps.

You have devices enrolled in Microsoft Intune as shown in the following table.

In the Microsoft Endpoint Manager admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10.

You need to deploy Microsoft Office Professional Plus 2019 to the computers by using Microsoft Office Deployment Tool (ODT).

What should you use to create a customization file for ODT?

Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure AD)-joined.

The company purchases an Azure subscription.

You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you to create alerts based on the collected events.

What should you create in Azure and what should you configure on the computers? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune. Currently, Windows updates are downloaded without using Delivery Optimization. You need to configure the computers to use Delivery Optimization. What should you create in Intune?

You have the MDM Security Baseline profile shown in the MDM exhibit. (Click the MDM tab.)

You have the ASR Endpoint Security profile shown in the ASR exhibit. (Click the ASR tab.)

You plan to deploy both profiles to devices enrolled in Microsoft Intune. You need to identify how the following settings will be configured on the devices:

• Block Office applications from creating executable content

• Block Win32 API calls from Office macro

Currently, the settings are disabled locally on each device.

What are the effective settings on the devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a workgroup computer named Client1 that runs Windows 11 and connects to a public network.

You need to enable PowerShell remoting on Client1. The solution must ensure that PowerShell remoting connections are accepted from the local subnet only.

Which PowerShell command should you run?

You have a Microsoft 365 E5 subscription that includes Microsoft Intune. The subscription contains a group named Group! Group1 contains devices enrolled in Intune.

You deploy Remote Help in Intune.

You need to configure Remote Help to only allow support administrators to join Remote Help sessions from the devices in Group1.

Which type of Microsoft Entra object should you create, and which type of policy should you configure7 To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

devices

You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices that run Windows 11.

User1 provides remote support for 75 devices in the marketing department.

You need to add User1 to the Remote Desktop Users group on each marketing department device.

What should you configure?

You have a Microsoft Entra tenant that contains the following:

• Windows 11 devices that are joined to Microsoft Entra

• A user that has a display name of User1 and a UPN of user1@contoso.com

You enable Remote Desktop on the Windows 11 devices.

You need to ensure that User1 can use Remote Desktop to connect to the devices.

How should you complete the command that must be run on each device? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure AD tenant that contains the devices shown in the following table.

You purchase Windows 11 Enterprise E5 licenses.

Which devices can use Subscription Activation to upgrade to Windows 11 Enterprise?

Your network contains an on-premises Active Directory Domain Services {AD DS) domain that syncs with an Azure AD tenant by using Azure AD Connect.

You use Microsoft Intune and Configuration Manager to manage devices.

You need to recommend a deployment plan for new Windows 11 devices. The solution must meet the following requirements:

• Devices for the marketing department must be joined to the AD DS domain only. The IT department will install complex applications on the devices at build time, before giving the devices to the marketing department users.

• Devices for The sales department must be Azure AD joined. The devices will be shipped directly from the manufacturer to The homes of the sales department users.

• Administrative effort must be minimized.

Which deployment method should you recommend for each department? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Your network contains an Active Directory domain named contoso.com. The domain contains 25 computers that run Windows 11-

You have a Microsoft 365 subscription

You have an Azure AD tenant that syncs with contoso.com.

You configure hybrid Azure AD join and discover that some of the computers have a registered state of Pending.

You need to ensure that the computers complete the join successfully.

What should you ensure?

You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements:

• Ensure that you can manage the personal devices by using Microsoft Intune.

• Ensure that users can access company data seamlessly from their personal devices.

• Ensure that users can only sign in to their personal devices by using their personal account.

What should you use to add the devices to Azure AD?

You need a new conditional access policy that has an assignment for Office 365 Exchange Online.

You need to configure the policy to meet the technical requirements for Group4.

Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to meet the technical requirements for the iOS devices.

Which object should you create in Intune?

You need to meet the technical requirements for the IT department.

What should you do first?

You need to meet the technical requirements for the new HR department computers.

How should you configure the provisioning package? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You implement Boundary1 based on the planned changes.

Which devices have a network boundary of 192.168.1.0/24 applied?

Which devices are registered by using the Windows Autopilot deployment service?

You are evaluating which devices are compliant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

You need to meet the technical requirements for the LEG department computers.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to meet the requirements for the MKG department users.

What should you do?

You need to resolve the performance issues in the Los Angeles office.

How should you configure the update settings? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

What should you use to meet the technical requirements for Azure DevOps?

You need to recommend a solution to meet the device management requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.