You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk.

You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com.

What should you do?

A. Configure the Enterprise State Roaming settings.

B. Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.

C. Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.

D. Assign the Cloud Device Administrator role to Contoso Help Desk.

You have a Windows 10 device named Computer1 enrolled in Microsoft Intune.

You need to configure Computer1 as a public workstation that will run a single customerfacing, full-screen application.

Which configuration profile type template should you use in Microsoft Intune admin center?

A. Shared multi-user device

B. Device restrictions

C. Kiosk

D. Endpoint protection

Your company uses Microsoft Intune.

More than 500 Android and iOS devices are enrolled in the Intune tenant.

You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.

You need to ensure that the policies can target the devices based on their version of Android or iOS.

What should you configure first?

A. groups that have dynamic membership rules in Azure AD

B. Device categories in Intune

C. Corporate device identifiers in Intune

D. Device settings in Azure AD

You use Microsoft Defender for Endpoint to protect computers that run Windows 10.

You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline.

Which tool should you use?

A. Microsoft Defender for Endpoint Power 81 app

B. Microsoft Secure Score

C. Endpoint Analytics

D. Microsoft 365 Defender portal

You have a Microsoft 365 E5 subscription. The subscription contains devices that are Microsoft Entra joined and enrolled in Microsoft Intune.

You create a user named User1.

You need to ensure that User1 can rotate Bitlocker recovery keys by using Intune.

Solution: From the Microsoft Intune admin center, you assign the Endpoint Security Manager role to User1.

Does this meet the goal?

A. Yes

B. No

You need to assign the same deployment profile to all the computers that are configured by using Windows Autopilot.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create an Azure AD group that has dynamic membership rules and uses the ZTDID tag.

B. Create an Azure AD group that has dynamic membership rules and uses the operatingSystem tag.

C. Assign a Windows Autopilot deployment profile to a group.

D. Join the computers to Azure AD.

E. Create a Group Policy object (GPO) that is linked to a domain.

F. Join the computers to an on-premises Active Directory domain.

Your company has a Remote Desktop Gateway (RD Gateway).

You have a server named Server1 that is accessible by using Remote Desktop Services (RDS) through the RD Gateway.

You need to configure a Remote Desktop connection to connect through the gateway.

Which setting should you configure?

A. Connect from anywhere

B. Server authentication

C. Connection settings

D. Local devices and resources

You have a hybrid Azure AD tenant.

You configure a Windows Autopilot deployment profile as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant.

You have devices enrolled in Microsoft Intune.

You assign a conditional access policy named Policy1 to a group named Group1. Policy!

restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business.

You need to identify which noncompliant devices attempt to access OneDrive for Business.

What should you do?

A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.

B. From the Microsoft Intune admin center, review Device compliance report.

C. From the Microsoft Intune admin center, review the Noncompliant devices report.

D. From the Microsoft Intune admin center, review the Setting compliance report.

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11.

The computers are Azure AD joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender Antivirus on the computers.

You need to prevent users from disabling Microsoft Defender Antivirus,

What should you do?

A. From the Microsoft Intune admin center, create a security baseline.

B. From the Microsoft 365 Defender portal, enable tamper protection.

C. From the Microsoft Intune admin center, create an account protection policy.

D. From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.