- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains the named locations shown in the following table.
You need to create a Conditional Access policy that will have a condition to include only trusted locations. Which two named locations can be marked as trusted? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Correct Answer:
AC
Location 1 and Location 3, both the ones I had as well, as they include the IP ranges subnet as trusted locations.
- (Exam Topic 4)
Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.
You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.
What should you use?
Correct Answer:
B
Reference:
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-Hybrid-Azure-AD-join-and
- (Exam Topic 4)
You have a Microsoft 365 tenant.
You have devices enrolled in Microsoft Intune.
You assign a conditional access policy named Policy1 to a group named Group1. Policy1 restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business.
You need to identify which noncompliant devices attempt to access OneDrive for Business. What should you do?
Correct Answer:
B
The Noncompliant devices report provides data typically used by Helpdesk or admin roles to identify problems and help remediate issues. The data found in this report is timely, calls out unexpected behavior, and is meant to be actionable.
Note: Compliance reports help you understand when devices fail to meet your compliance configurations and can help you identify compliance-related issues in your organization.
Open the compliance dashboard
Open the Intune Device compliance dashboard:
Sign in to the Microsoft Endpoint Manager admin center.
Select Devices > Overview > Compliance status tab.
When the dashboard opens, you get an overview with all the compliance reports. In these reports, you can see and check for:
  - Overall device compliance
  - Per-policy device compliance
  - Per-setting device compliance
  - Threat agent status
  - Device protection status
View compliance reports
In addition to using the charts on Compliance status, you can go to Reports > Device compliance.
Sign in to the Microsoft Endpoint Manager admin center.
Select Devices > Monitor, and then from below Compliance select the report you want to view. Some of the available compliance reports include:
  - Device compliance
  - Noncompliant devices
  - Devices without compliance policy
  - Setting compliance
  - Policy compliance
  - Noncompliant policies (preview)
  - Windows health attestation report
  - Threat agent status
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a workgroup computer named Computer1 that runs Windows 10. You need to add Computer1 to contoso.com.
What should you use?
Correct Answer:
D
If you want to manually join the computer to Azure AD, you can execute the dsregcmd /join command. This command should be run in SYSTEM context (using psexec, for example) and will force an attempt to join Azure AD.
Reference: https://365bythijs.be/2019/11/02/troubleshooting-hybrid-azure-ad-join/
- (Exam Topic 3)
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows