DRAG DROP

You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.

You import a Windows 11 image to DS1.

You have an executable installer for an application named App1.

You need to ensure that App1 will be installed for all the task sequences that deploy the image.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Step 1: Add App1 to DS1

First add the application in the MDT console.

Step 2: Identify the GUID of App1.

Install an application when deploying Windows

Step 3: Modify CustomSettings.ini

It is possible in the CustomSettings.ini file, to check the default program to add the following line:

ApplicationsXXX ={GUID-APPLICATION}

or to force the installation of the application box checked and grayed out:

MandatoryApplicationsXXX ={GUID-APPLICATION}

XXX = numerical value from 000 to 999

Reference: https://rdr-it.com/en/mdt-installation-of-applications-when-deploying-windows/

HOTSPOT

Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint includes the device groups shown in the following table.

You onboard a computer to Microsoft Defender for Endpoint as shown in the following exhibit.

What is the effect of the Microsoft Defender for Endpoint configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups

HOTSPOT

You have the device configuration profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Box 1: can access any URL

We see: Public Browsing (InPrivate).

Microsoft Edge kiosk mode type: Select the kiosk mode type. Both options help protect user data.

Public Browsing (InPrivate): Runs a limited multi-tab version of Microsoft Edge. Users can browse publicly, or end their browsing session.

Digital/Interactive Signage (InPrivate): Opens a URL full screen, and only shows the content on that website.

Box 2: a single Microsoft Edge instance that has multiple tabs

Reference: https://learn.microsoft.com/en-us/mem/intune/configuration/kiosk-settings-windows

HOTSPOT

You have the device configuration profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Box 1: can access any URL

We see: Public Browsing (InPrivate).

Microsoft Edge kiosk mode type: Select the kiosk mode type. Both options help protect user data.

Public Browsing (InPrivate): Runs a limited multi-tab version of Microsoft Edge. Users can browse publicly, or end their browsing session.

Digital/Interactive Signage (InPrivate): Opens a URL full screen, and only shows the content on that website.

Box 2: a single Microsoft Edge instance that has multiple tabs

Reference: https://learn.microsoft.com/en-us/mem/intune/configuration/kiosk-settings-windows

HOTSPOT

You have the device configuration profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Box 1: can access any URL

We see: Public Browsing (InPrivate).

Microsoft Edge kiosk mode type: Select the kiosk mode type. Both options help protect user data.

Public Browsing (InPrivate): Runs a limited multi-tab version of Microsoft Edge. Users can browse publicly, or end their browsing session.

Digital/Interactive Signage (InPrivate): Opens a URL full screen, and only shows the content on that website.

Box 2: a single Microsoft Edge instance that has multiple tabs

Reference: https://learn.microsoft.com/en-us/mem/intune/configuration/kiosk-settings-windows

HOTSPOT

You have a Microsoft Entra tenant.

You are creating a dynamic device group named Group1.

Group1 will include only Windows devices that are Microsoft Entra registered.

How should you configure the dynamic membership rule for Group1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

First dropdown: device.deviceTrustType

Second dropdown: "Workplace"

To configure the dynamic membership rule for Group1 to include only Windows devices that are Microsoft Entra registered, you would use the following logic:

The OS type should be "Windows."

The deviceTrustType should be set to "Workplace," which indicates that the device is Microsoft Entra registered (as opposed to "AzureAd," which would indicate Microsoft Entra joined).

HOTSPOT

You have a Microsoft Entra tenant.

You are creating a dynamic device group named Group1.

Group1 will include only Windows devices that are Microsoft Entra registered.

How should you configure the dynamic membership rule for Group1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

First dropdown: device.deviceTrustType

Second dropdown: "Workplace"

To configure the dynamic membership rule for Group1 to include only Windows devices that are Microsoft Entra registered, you would use the following logic:

The OS type should be "Windows."

The deviceTrustType should be set to "Workplace," which indicates that the device is Microsoft Entra registered (as opposed to "AzureAd," which would indicate Microsoft Entra joined).

HOTSPOT

You have a Microsoft Entra tenant.

You are creating a dynamic device group named Group1.

Group1 will include only Windows devices that are Microsoft Entra registered.

How should you configure the dynamic membership rule for Group1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

First dropdown: device.deviceTrustType

Second dropdown: "Workplace"

To configure the dynamic membership rule for Group1 to include only Windows devices that are Microsoft Entra registered, you would use the following logic:

The OS type should be "Windows."

The deviceTrustType should be set to "Workplace," which indicates that the device is Microsoft Entra registered (as opposed to "AzureAd," which would indicate Microsoft Entra joined).

Your company implements Microsoft Entra ID, Microsoft 365, Microsoft Intune.

The company’s security policy states the following:

Personal devices do not need to be enrolled in Intune.

Users must authenticate by using a PIN before they can access corporate email data.

Users can use their personal iOS and Android devices to access corporate cloud services.

Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

E. a device configuration profile from the Microsoft Intune admin center

F. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal

G. an insider risk management policy from the Microsoft Purview compliance portal

H. an app protection policy from the Microsoft Intune admin center

Lösung einblenden Lösung ausblenden

Your company implements Microsoft Entra ID, Microsoft 365, Microsoft Intune.

The company’s security policy states the following:

Personal devices do not need to be enrolled in Intune.

Users must authenticate by using a PIN before they can access corporate email data.

Users can use their personal iOS and Android devices to access corporate cloud services.

Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

E. a device configuration profile from the Microsoft Intune admin center

F. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal

G. an insider risk management policy from the Microsoft Purview compliance portal

H. an app protection policy from the Microsoft Intune admin center

Lösung einblenden Lösung ausblenden