MD-102 Exam Questions

Total 234 Questions

Last Updated Exam : 16-Dec-2024

Topic 4: Mix Question

You have an Azure AD tenant named contoso.com that contains a user named Used. User!
has a user principal name (UPN) of user1@contoso.com.
You join a Windows 11 device named Client 1 to contoso.com.
You need to add User1 to the local Administrators group of Client1.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.






You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center.
What should you configure?


A.

the Azure Monitor agent


B.

a device compliance policy


C.

a Conditional Access policy


D.

an Intune data collection policy





D.
  

an Intune data collection policy



You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?


A.

the Azure portal app


B.

Endpoint analytics


C.

the Company Portal app


D.

Microsoft Power Bl





D.
  

Microsoft Power Bl



You can use the Power BI Compliance app to load interactive, dynamically generated reports for your Intune tenant. Additionally, you can load your tenant data in Power BI using the OData link. Intune provides connection settings to your tenant so that you can view the following sample reports and charts related to:

Devices
Enrollment
App protection policy
Compliance policy
Device configuration profiles
Software updates
Device inventory logs

Note: Load the data in Power BI using the OData link
With a client authenticated to Azure AD, the OData URL connects to the RESTful endpoint in the Data Warehouse API that exposes the data model to your reporting client. Follow these instructions to use Power BI Desktop to connect and create your own reports.
Sign in to the Microsoft Endpoint Manager admin center.
Select Reports > Intune Data warehouse > Data warehouse.
Retrieve the custom feed URL from the reporting blade, for example:
https://fef.{yourtenant}.manage.microsoft.com/ReportingService/DataWarehouseFEService/dates?api-version=v1.0
Open Power BI Desktop.
Choose File > Get Data. Select OData feed.
Choose Basic.
Type or paste the OData URL into the URL box.
Select OK.

If you have not authenticated to Azure AD for your tenant from the Power BI desktop client, type your credentials. To gain access to your data, you must authorize with Azure Active Directory (Azure AD) using OAuth 2.0.

Select Organizational account.
Type your username and password.
Select Sign In.
Select Connect.
Select Load.

Reference: https://docs.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-linkpowerbi

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to configure an update ring that meets the following requirements:

• Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically seven days after that date.
• The installation of new Windows features can be deferred for 90 days but will install automatically 10 days after that date.
• Devices must restart automatically three days after an update is installed.

How should you configure the update ring? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.






You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.
You need to capture the event togs from the computers to Azure.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.






You have an Azure subscription.
You have an on-premises Windows 11 device named Device 1.
You plan to monitor Device1 by using Azure Monitor.
You create a data collection rule (DCR) named DCR1 in the subscription.
To what should you associate DCR1 ?


A.

Azure Network Watcher


B.

Device1


C.

a Log Analytics workspace


D.

a Monitored Object





B.
  

Device1



Explanation: To monitor Device1 by using Azure Monitor, you should associate DCR1 with Device1. A data collection rule (DCR) defines the data collection process in Azure Monitor, such as what data to collect, how to transform it, and where to send it. A DCR can be associated with multiple virtual machines and specify different data sources, such as Azure Monitor Agent, custom logs, or Azure Event Hubs1. To associate a DCR with a virtual machine, you need to install the Azure Monitor Agent on the machine and then select the DCR from the list of available rules2. You can also use Azure Policy to automatically install the agent and associate a DCR with any virtual machines or virtual machine scale sets as they are created in your subscription3.

The other options are not correct for this scenario because:
Azure Network Watcher is a service that provides network performance monitoring and diagnostics for Azure resources. It is not related to data collection rules or Azure Monitor4.

A Log Analytics workspace is a destination where you can send the data collected by a data collection rule. It is not an entity that you can associate a DCR with5.
A Monitored Object is not a valid term in the context of Azure Monitor or data collection rules.

References: Data collection rules in Azure Monitor, Configure data collection for Azure Monitor Agent, Use Azure Policy to install Azure Monitor Agent and associate with a DCR, What is Azure Network Watcher?, Log Analytics workspaces in Azure Monitor.

You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.
You need to ensure that notifications of iOS updates are deferred for 30 days after the updates are released.
What should you create?


A.

a device configuration profile based on the Device features template


B.

a device configuration profile based on the Device restrictions template


C.

an update policy for iOS/iPadOS


D.

an iOS app provisioning profile





C.
  

an update policy for iOS/iPadOS



Explanation:
Manage iOS/iPadOS software update policies in Intune, delay visibility of software updates. When you use update policies for iOS, you might have need to delay visibility of an iOS software update. Reasons to delay visibility include:
Prevent users from updating the OS manually
To deploy an older update while preventing users from installing a more recent one
To delay visibility, deploy a device restriction template that configures the following settings:
Defer software updates = Yes
This doesn't affect any scheduled updates. It represents days before software updates are visible to end users after release.
Delay default visibility of software updates = 1 to 90
90 days is the maximum delay that Apple supports.

Reference: https://docs.microsoft.com/en-us/mem/intune/protect/software-updates-ios

You have an Azure AD tenant named contoso.com.
You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.
What should you configure?


A.

Windows Autopilot


B.

provisioning packages for Windows


C.

Security defaults in Azure AD


D.

Device settings in Azure AD





D.
  

Device settings in Azure AD



Explanation: To ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com, you should configure the Device settings in Azure AD. The Device settings allow you to manage which users can join devices to Azure AD and whether they are added as local administrators or standard users. By default, users who join devices to Azure AD are added to the local Administrators group, but you can change this setting to None or Selected1.

The other options are not relevant for this scenario because:

Windows Autopilot is a service that allows you to pre-configure new devices and enroll them automatically to Azure AD and Microsoft Intune. It does not control the local administrator role of the users who join the devices2.

Provisioning packages for Windows are files that contain custom settings and policies that can be applied to Windows devices during the setup process. They do not affect the Azure AD join process or the local administrator role of the users3.

Security defaults in Azure AD are a set of basic identity security mechanisms that are enabled by default to protect your organization from common attacks. They do not include any settings related to device management or local administrator role4. 

References: Manage device identities using the Microsoft Entra admin center, Windows Autopilot, Provisioning packages for Windows 10, What are security defaults?

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11.
The computers are Azure AD joined and are enrolled in Microsoft Intune.
You plan to manage Microsoft Defender Antivirus on the computers.
You need to prevent users from disabling Microsoft Defender Antivirus,
What should you do?


A.

From the Microsoft Intune admin center, create a security baseline.


B.

From the Microsoft 365 Defender portal, enable tamper protection.


C.

From the Microsoft Intune admin center, create an account protection policy.


D.

From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.





B.
  

From the Microsoft 365 Defender portal, enable tamper protection.



Explanation: Tamper protection is a feature of Microsoft Defender Antivirus that prevents users or malicious software from disabling or modifying the antivirus settings. Tamper protection can be enabled from the Microsoft 365 Defender portal for devices that are Azure AD joined and enrolled in Microsoft Intune. This will prevent users from turning off Microsoft Defender Antivirus or changing its configuration through Windows Security, PowerShell, Registry, or Group Policy. References: [Enable tamper protection]

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.







Page 8 out of 24 Pages
Previous