Microsoft Microsoft 365 Certified: Endpoint Administrator Associate MD-102 Questions & Answers
Question 1:
You are implementing Microsoft Intune Suite.
You enroll devices in Intune as shown in the following table.
The performance of which devices can be analyzed by using Endpoint analytics?
A. Device1 only
B. Device1 and Device2 only
C. Device1, Device2, and Device3 only
D. Device1, Device2, and Device4 only
E. Device1, Device2, Device3, and Device4
Correct Answer: B
Endpoint analytics Prerequisites You can enroll devices via Configuration Manager or Microsoft Intune.
To enroll devices via Intune requires:
*
Intune enrolled or co-managed devices running the following: Windows 10 version 1903 or later July 2021 cumulative update or later
*
Pro, Pro Education, Enterprise, or Education. Home and long-term servicing channel (LTSC) aren't supported.
*
Windows devices must be Azure AD joined or hybrid Azure AD joined. Workplace joined or Azure AD registered devices aren't supported. Network connectivity from devices to the Microsoft public cloud.
Note: Endpoint analytics is part of the Microsoft Adoption Score. These analytics give you insights for measuring how your organization is working and the quality of the experience you're delivering to your users. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and help you proactively make improvements before end-users generate a help desk ticket.
You have a Windows 10 device named Computer1 enrolled in Microsoft Intune.
You need to configure Computer1 as a public workstation that will run a single customer-facing, full-screen application.
Which configuration profile type template should you use in Microsoft Intune admin center?
A. Shared multi-user device
B. Device restrictions
C. Kiosk
D. Endpoint protection
Correct Answer: C
On Windows 10/11 devices, you can configure these devices to run in single-app kiosk mode. On Windows 10 devices, you can configure these devices to run in multi-app kiosk mode.
Single app, full-screen kiosk
Runs only one app on the device, such as a web browser or Store app.
*
Select a kiosk mode: Choose Single app, full-screen kiosk.
Note: Use policy sets to group collections of management objects Policy sets allow you to create a bundle of references to already existing management entities that need to be identified, targeted, and monitored as a single conceptual unit. A policy set is an assignable collection of apps, policies, and other management objects you've created. Creating a policy set enables you to select many different objects at once, and assign them from a single place. As your organization changes, you can revisit a policy set to add or remove its objects and assignments. You can use a policy set to associate and assign existing objects, such as apps, policies, and VPNs in a single package.
Policy sets don't replace existing concepts or objects. You can continue to assign individual objects and you can also reference individual objects as part of a policy set. Therefore, any changes to those individual objects will be reflected in the policy set.
You can use policy sets to:
Group objects that need to be assigned together Assign your organization's minimum configuration requirements on all managed devices Assign commonly used or relevant apps to all users
You have a Microsoft Intune subscription associated to an Azure AD tenant named contoso.com.
Users use one of the following three suffixes when they sign in to the tenant: us.contoso.com, eu.contoso.com, or contoso.com.
You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes.
Which DNS records do you need?
A. one TXT record only
B. three CNAME records
C. three TXT records
D. one CNAME record only
Correct Answer: B
To simplify enrollment, create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers. Otherwise, users trying to connect to Intune must enter the Intune server name during enrollment.
If the company uses more than one UPN suffix, you need to create one CNAME for each domain name and point each one to EnterpriseEnrollment-s.manage.microsoft.com. For example, users at Contoso use the following formats as their email/UPN:
You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune.
You need to review the servicing status of a computer.
What should you do?
A. From Device configuration - Profiles, view the device status.
B. From Software updates, view the Per update ring deployment state.
C. From Software updates, view the audit logs.
D. From Device compliance, view the device compliance.
Correct Answer: B
Reports for Update rings for Windows 10 and later policy.
Intune offers integrated report views for the Windows update ring policies you deploy. These views display details about the update ring deployment and status:
1) Sign in to Microsoft Endpoint Manager admin center.
2) Select Devices > Monitor. Then under Software updates select Per update ring deployment state and choose the deployment ring to review.
Note: Windows 10 and later update rings - Use a built-in report that's ready by default when you deploy update rings to your devices.
You have a workgroup computer named Client1 that runs Windows 11 and connects to a public network.
You need to enable PowerShell remoting on Client1. The solution must ensure that PowerShell remoting connections are accepted from the local subnet only.
Which PowerShell command should you run?
A. Set-PSSessionConfiguration -AccessMode Local
B. Enable-PSRemoting -SkipNetworkProfileCheck
C. Enable-PSRemoting -Force
D. Set-NetFirewallRule -Name “WINRM-HTTP-In-TCP-PUBLIC” -RemoteAddress Any
Correct Answer: B
The Enable-PSRemoting cmdlet configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology. WS-Management based PowerShell remoting is currently supported only on Windows platform.
Indicates that this cmdlet enables remoting on client versions of the Windows operating system when the computer is on a public network. This parameter enables a firewall rule for public networks that allows remote access only from
You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices that run Windows 11.
You need to remove User1 from the local Administrators group on all enrolled devices.
What should you configure?
A. a device compliance policy
B. an account protection policy
C. an app configuration policy
Correct Answer: B
Account protection policy for endpoint security in Intune
Use Intune endpoint security policies for account protection to protect the identity and accounts of your users and manage the built-in group memberships on devices.
Manage local groups on Windows devices
Use the Local user group membership (preview) profile to manage the users that are members of the built-in local groups on devices that run Windows 10 20H2 and later, and Windows 11 devices.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your MD-102 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.