- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device. You need to ensure that CAPolicy1 is enforced.
What should you do?
Correct Answer:
B
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
- (Exam Topic 4)
You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to assign roles in Intune to meet the following requirements:
• The members of Group1 must manage Intune roles and assignments.
• The members of Group2 must assign existing apps and policies to users and devices.
The solution must follow the principle of least privilege.
Which role should you assign to each group? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
To assign roles in Intune to meet the requirements, you should assign the following roles to each group: Group1: Intune Role Administrator Group2: Help Desk Operator
The Intune Role Administrator role is the only Intune role that can manage custom Intune roles and add assignments for built-in Intune roles1. This role meets the requirement for Group1 to manage Intune roles and assignments. The Help Desk Operator role can perform remote tasks on users and devices, and can assign applications or policies to users or devices1. This role meets the requirement for Group2 to assign existing apps and policies to users and devices.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You need to meet the technical requirements for the iOS devices. Which object should you create in Intune?
Correct Answer:
D
References:
https://docs.microsoft.com/en-us/intune/device-restrictions-configure https://docs.microsoft.com/en-us/intune/device-restrictions-ios
- (Exam Topic 4)
You have the devices shown in the following table.
You need to migrate app data from Device1 to Device2. The data must be encrypted and stored on Seryer1 during the migration.
Which command should you run on each device? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices. When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin. You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.
Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.
Does this meet the goal?
Correct Answer:
B