Microsoft 365 Password: i7A4$3o^HGD3L~=c[9xuOhM%^4:s11Ai
If the Microsoft Edge browser or Microsoft 365 portal does not load successfully, select the Microsoft Edge browser icon from the task bar, type the URL "https://portal.office.com", and press Enter.
The following information is for technical support purposes only:
Lab Instance: 48262079
You need to join your computer to the Microsoft Entra tenant.
A. See explanation below. B. PlaceHolder C. PlaceHolder D. PlaceHolder
A. See explanation below.
Explanation
How to Join a Windows device to Microsoft Entra (Active Directory)
Step 1: Sign into
Windows Device: Ensure that you are signed into the Windows device with local administrative privileges. [Skip]
Step 2: Connect to a Network: Make sure your Windows device is connected to the internet, as the Azure AD [Entra] join process requires an internet connection. [Skip]
Step 3:
Open Settings: Press Win + I on your keyboard to open the windows Settings app.
Step 4:
Navigate to Accounts: In the Settings window, click on "Accounts."
Step 5:
Access Work or School: In the Accounts section, click on "Access work or school" on the left-hand menu.
Step 6: Join Azure AD [Join Enta]: Click on the "Connect" button under the "Connect to a work or school" section.
Step 7:
Sign In: A window will appear asking you to sign in. Enter your Azure AD [Entra] credentials, which should be an email address and password associated with your Azure AD [Entra] account.
Step 8: Complete the
Join Process: Follow the on-screen instructions to complete the Azure AD [Entra] join process. You may be asked to confirm your identity through multi-factor authentication (MFA) if it's configured for your Azure AD [Entra] account.
Step 9:
Restart Your Device: After successfully joining Azure AD [Entra], you may be prompted to restart your Windows device. Ensure that you save any work before restarting. [Skip]
Step 10: Verify Azure AD [Entra]
Join: After the restart, you can verify that your device is now joined to Azure AD [Entra]. You can go to "Settings" > "Accounts" > "Access work or school" to see your device listed there. [Skip]
You have a Microsoft 365 tenant that contains the objects shown in the following table.
In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1.
To which objects can you assign App1?
A. Group3 and Group4 only B. Admin1, Group3, and Group4 only C. Group1, Group3, and Group4 only D. Group1, Group2, Group3, and Group4 only E. Admin1, Group1, Group2, Group3, and Group4
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Azure AD.
The computers have different update settings, and some computers are configured for manual updates.
You need to configure Windows Update. The solution must meet the following requirements:
1. The configuration must be managed from a central location.
2. Internet traffic must be minimized.
3. Costs must be minimized.
How should you configure Windows Update? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 4:
You have a Microsoft 365 E5 subscription.
All Windows devices are enrolled in Microsoft Intune.
You need to create an app protection policy named Policy1 and apply Policy1 to the devices.
What can you protect by using Policy1?
A. Microsoft Outlook B. Microsoft OneDrive C. Microsoft Teams D. Microsoft Edge
D. Microsoft Edge
Question 5:
DRAG DROP
You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune.
You need to create Endpoint security policies to enforce the following requirements:
1. Computers that run macOS must have FileVault enabled.
2. Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
3. Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Box 1: Disk encryption
Computers that run macOS must have FileVault enabled.
Intune supports macOS FileVault disk encryption. FileVault is a whole-disk encryption program that is included with macOS. You can use Intune to configure FileVault on devices that run macOS 10.13 or later.
Box 2: Attack surface reduction (ASR)
Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Attack surface reduction profiles include:
* Application control - Application control settings can help mitigate security threats by restricting the applications that users can run and the code that runs in the System Core (kernel). Manage settings that can block unsigned scripts and MSIs, and restrict Windows PowerShell to run in Constrained Language Mode.
Note: Attack surface reduction rules target certain software behaviors, such as: Launching executable files and scripts that attempt to download or run files Running obfuscated or otherwise suspicious scripts Performing behaviors that apps don't usually initiate during normal day-to-day work
Box 3: Account protection
Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
The account protection policy is focused on settings for Windows Hello and Credential Guard, which is part of Windows identity and access management.
Note: Microsoft Defender Credential Guard protects against credential theft attacks. It isolates secrets so that only privileged system software can access them.
A. User3 only B. User1 and User3 only C. User1, User2, User3, and User4 D. User1, User3, and User4 only E. User3 and User4 only
B. User1 and User3 only
Question 7:
HOTSPOT
You have a Microsoft Entra tenant that contains the groups shown in the following table.
The tenant contains the devices shown in the following table.
The devices have the enrollment restrictions shown in the following table.
For each of the following statements select yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: Yes
Yes - User2 can enroll Device1 by using the Company Portal app.
User2 is in Group2.
Restriction1 and Restriction2 both apply to Group2.
Restriction2 has higher priority (higher value).
Restriction2 alllows MDM and personally owned devices.
Minimum version is 10.0.220000
Device1 is Windows 11.
Box 2: No
No - User1 can enroll Device2 by using automatic enrollment.
User1 is in Group1.
Restriction1 applies to Group1.
Restriction1 blocks personally owned devices [automatic enrollment devices will be blocked].
Box 3: Yes
Yes - User1 can enroll Device3 by using the Company Portal app.
User1 is in Group1.
Restriction1 applies to Group1.
Restriction1 allows MDM enrolled devices [enrolled by using the Company Portal app]
Note: Blocking personal Windows devices
If you block personally owned Windows devices from enrollment, Intune checks to make sure that each new Windows enrollment request has been authorized for corporate enrollment. Unauthorized enrollments are blocked.
The following enrollment methods are authorized for corporate enrollment:
The device enrolls through Windows Autopilot.
The device enrolls through GPO, or automatic enrollment from Configuration Manager for co-management.
The device enrolls through a bulk provisioning package.
The enrolling user is using a device enrollment manager account.
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. failure events from the Security log B. the list of processes and their execution times C. the average processor utilization D. error events from the System log E. third-party application logs stored as text files
B. the list of processes and their execution times C. the average processor utilization D. error events from the System log
You have a Microsoft 365 E5 subscription that contains three Windows devices named Device1, Device2, and Device3. The devices are managed by using Microsoft Intune. Each device contains a file named Script1.ps1.
Users do NOT have local administrator permissions for the devices.
The subscription contains the groups shown in the following table.
You create two Endpoint Privilege Management (EPM) elevation settings policies that have the following settings:
Name: Policy1
Endpoint Privilege Management: Enabled
- Default elevation response: Deny all requests
- Allow Elevation Detection: No
- Send elevation data for reporting: No
Assignments:
- Included groups: Group1
Name: Policy2
Endpoint Privilege Management: Require support approval
- Allow Elevation Detection: No
- Send elevation data for reporting: No Assignments:
- Included groups: Group3
You create an EPM elevation rules policy named RulesPolicy1 that has the following settings:
Rule name: Rule1
- Elevation type: Automatic
- Child process behavior: Deny all
- File name: Script1.ps1
- File hash: <Hash of Script1.ps1>
Assignments: Group 1, Group2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: No
No - A user on Device1 must get approval before the user can run Script1.ps1 with elevated privileges.
Device1 is in Group1.
Endpoint Privilege Management (EPM) elevation settings Policy1 is assigned to Group1. Policy1 Default elevation response is set to: Deny all requests There is an EPM elevation rules policy named RulesPolicy1.
RulesPolicy1 is assigned to Group1 (and Group2).
RulesPolicy1 is configured for Script1.ps1.
RulesPolicy1 is configured as Automatic: An automatic elevation happens invisibly to the user. There's no prompt, and no indication that the file is running in an elevated context.
Note:
Deny all requests - This option blocks the elevate request action for files that aren't defined in a Windows elevation rules policy.
Box 2: No
No - A user on Device2 must get approval before the user can run Script1.ps1 with elevated privileges.
Device2 is in Group2.
There is no EPM policy for Group2.
The EPM elevation rules policy RulesPolicy1 applies to Group2 (and Group1).
RulesPolicy1 is configured for Script1.ps1.
RulesPolicy1 is configured as Automatic: An automatic elevation happens invisibly to the user. There's no prompt, and no indication that the file is running in an elevated context.
Box 3: Yes
Yes - A user on Device3 must get approval before the user can run Script1.ps1 with elevated privileges.
Device3 is in Group3.
Endpoint Privilege Management (EPM) elevation settings Policy2 is assigned to Group3. Policy3 Endpoint Privilege Management is set to: Require support approval
Note:
Require support approval - When support approval is required, an administrator must approve elevation requests without a matching rule prior to the elevation being required.
About Windows elevation rules policy
Use profiles for Windows elevation rules policy to manage the identification of specific files, and how elevation requests for those files are handled. Each Windows elevation rule policy includes one or more elevation rules. It's with elevation rules that you configure details about the file being managed and requirements for it to be elevated.
You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft Office 2019 installed.
You have the Windows 11 Enterprise images shown in the following table.
Which images can be used to perform an in-place upgrade of Device1?
A. Image1 only B. Image2 only C. Image1 and Image2
B. Image2 only
Explanation
How to Perform an In-Place Upgrade on Windows 11.
To perform an in-place upgrade, you need to do two things. Firstly, you need to download the latest Windows 11 ISO file. Then, you need to run the setup from the ISO file, pick the appropriate in-place upgrade option, and proceed.
1. Download the Windows 11 ISO Image File
First of all, you need to grab the Windows 11 ISO image file. If you don't already have one on hand, check out how to download a Windows ISO without the Media Creation tool for some easy methods.
2. Perform an In-Place Upgrade Using the Windows11 ISO Image File
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your MD-102 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.