Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

You have a Microsoft 365 E5 subscription that includes Microsoft Intune and syncs with the AD DS domain.

Windows Local Administrator Password Solution (Windows LAPS) is enabled in Microsoft Entra ID.

The subscription has the custom roles shown in the following table.



Microsoft Entra contains the users shown in the following table.



You have the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have the MDM Security Baseline profile shown in the MDM exhibit. (Click the MDM tab.)



You have the ASR Endpoint Security profile shown in the ASR exhibit. (Click the ASR tab.)



You plan to deploy both profiles to devices enrolled in Microsoft Intune. You need to identify how the following settings will be configured on the devices:

• Block Office applications from creating executable content

• Block Win32 API calls from Office macro

Currently, the settings are disabled locally on each device. What are the effective settings on the devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription. The subscription contains 1,000 computers that run Windows 11 and are enrolled in Microsoft Intune.

You plan to create a compliance policy that has the following options enabled:

• Require Secure Boot to be enabled on the device.

• Require the device to be at or under the machine risk score.

Which two Compliance settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft Entra tenant named contoso.com that contains a Windows 11 device named Device1 and a user named User1 User! registers Device1 in contoso.com.

Which capability is available to Device1 after registering in contoso.com.

A. authenticating to cloud resources by using single sign-on (SSO)

B. enforcing software updates

C. enforcing hard drive encryption

D. enforcing compliance policies

You have a Microsoft 365 subscription that contains 5,000 Windows devices enrolled in Microsoft Intune.

You plan to use the Sync and Collect diagnostics bulk device actions.

What is the maximum number of devices you can include in each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains Windows 11 devices enrolled in Microsoft Intune.

You need to use Device query to identify whether a critical security patch was installed on a device.

Which table should you target?

A. Fileinfo

B. OsVersion

C. WindowsQfe

D. Systemlnfo

E. WindowsRegistry

You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.

in the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.

You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.

What should you do first?

A. Import an OS package.

B. Create a selection profile.

C. Add a Gather task to the task sequence.

D. Add a Validate task to the task sequence.

You have a Microsoft 365 E5 subscription that contains devices enrolled in Microsoft Intune.

You plan to use Device query to provide on-demand information about the state of the devices. The solution must minimize costs. What should you do first?

A. Onboard the devices to Endpoint analytics.

B. Purchase the Intune Advanced Analytics add-on.

C. Use the Collect diagnostics remote action.

D. Purchase the Intune Suite add-on.

You have an Azure AD tenant named contoso.com.

You have a workgroup computer named Computer! that runs Windows 11.

You need to add Computer1 to contoso.com.

What should you use?

A. dsreecmd.exe

B. Computer Management

C. netdom.exe

D. the Settings app

You have a Microsoft 365 subscription that contains a user named User1.

You use Microsoft in tune to manage devices that run Windows 11.

You need to remove User1 from the local Administrators group on all enrolled devices. The solution must minimize administrative effort.

What should you configure?

A. a device compliance policy

B. an app configuration policy

C. an account protection policy