Microsoft - MD-102: Endpoint Administrator
Sample Questions
Question: 153
Measured Skill: Manage applications (10–15%)
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to configure the Microsoft Edge settings for each device.
What should you use?
(To answer, drag the appropriate Intune features to the correct devices. Each feature may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
A | Device1: App configuration policy
Device2: Device configuration profile
Device3: Device configuration profile |
B | Device1: App configuration policy
Device2: Endpoint security policy
Device3: Device compliance policy |
C | Device1: Device compliance policy
Device2: App configuration policy
Device3: Endpoint security policy |
D | Device1: Device configuration profile
Device2: App configuration policy
Device3: App configuration policy |
E | Device1: Endpoint security policy
Device2: Endpoint security policy
Device3: App configuration policy |
F | Device1: Endpoint security policy
Device2: Device configuration profile
Device3: Device compliance policy |
Correct answer: DExplanation:
You can configure Microsoft Edge policies and settings for Windows 10 devices by adding a device configuration profile to Microsoft Intune.
App configuration policies are used to configure Microsoft Edge policies and settings for Android and iOS/iPadOS devices.
References:
Configure Microsoft Edge policy settings with Microsoft Intune
Manage Microsoft Edge on iOS and Android with Intune
Question: 154
Measured Skill: Manage applications (10–15%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
- Assignments
- Users or workload identities: User1
- Cloud apps or actions: Office 365 Exchange Online
You need to configure CAPolicy1 to allow mailbox access from Device1 but block mailbox access from Device2.
Solution: You add a condition that specifies device platforms.
Does this meet the goal?Correct answer: BExplanation:
The device platforms condition allows to select different platforms such as Android, iOS, Windows phone, Windows, macOS, and Linux. The device platform condition does not allow select specific OS versions.
We need to configure CAPolicy1 so, that it applies only to Device2. To do so, we should make use of the condition filter for devices. We should either make use of the displayName attribute (device.displayName -contains "Device2")
or the operatingSystemVersion attribute (device.operatingSystemVersion -in ["10.0.18363", "10.0.19041", "10.0.19042", "10.0.22000"])
.
Reference: Conditional Access: Filter for devices
Question: 155
Measured Skill: Manage applications (10–15%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
- Assignments
- Users or workload identities: User1
- Cloud apps or actions: Office 365 Exchange Online
You need to configure CAPolicy1 to allow mailbox access from Device1 but block mailbox access from Device2.
Solution: You add a condition to filter for devices.
Does this meet the goal?Correct answer: AExplanation:
We need to configure CAPolicy1 so, that it applies only to Device2. To do so, we should make use of the condition filter for devices. We should either make use of the displayName attribute (device.displayName -contains "Device2")
or the operatingSystemVersion attribute (device.operatingSystemVersion -in ["10.0.18363", "10.0.19041", "10.0.19042", "10.0.22000"])
.
Reference: Conditional Access: Filter for devices
Question: 156
Measured Skill: Manage applications (10–15%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
- Assignments
- Users or workload identities: User1
- Cloud apps or actions: Office 365 Exchange Online
You need to configure CAPolicy1 to allow mailbox access from Device1 but block mailbox access from Device2.
Solution: You add a condition that specifies trusted location.
Does this meet the goal?Correct answer: BExplanation:
We need to configure CAPolicy1 so, that it applies only to Device2. To do so, we should make use of the condition filter for devices. We should either make use of the displayName attribute (device.displayName -contains "Device2")
or the operatingSystemVersion attribute (device.operatingSystemVersion -in ["10.0.18363", "10.0.19041", "10.0.19042", "10.0.22000"])
.
Reference: Conditional Access: Filter for devices
Question: 157
Measured Skill: Manage applications (10–15%)
You have a Microsoft 365 subscription that includes Microsoft Intune.
You have 500 corporate-owned Android devices enrolled as fully managed devices.
You need to prepare an app named App1 for deployment to the devices.
Which two actions should you perform?
(Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.)A | From the Intune Company Portal, download App1. |
B | From the Managed Google Play Store, approve App1. |
C | Sync App1 with Intune. |
D | Create an OEM Config profile. |
Correct answer: B, CExplanation:
Managed Google Play is Google's enterprise app store and sole source of applications for Android Enterprise in Intune. You can use Intune to orchestrate app deployment through Managed Google Play for any Android Enterprise scenario (including personally owned work profile, dedicated, fully managed, and corporate-owned work profile enrollments). How you add Managed Google Play apps to Intune differs from how Android apps are added for non-Android Enterprise scenarios. Store apps, line-of-business (LOB) apps, and web apps are approved in or added to Managed Google Play, and then synchronized into Intune so that they appear in the Client Apps list. Once they appear in the Client Apps list, you can manage assignment of any Managed Google Play app as you would any other app.
Reference: Add Managed Google Play apps to Android Enterprise devices with Intune