0% found this document useful (0 votes)

1K views217 pages

MD - 102 (1 - 147)

The document provides a case study about a company called ADatum Corporation and its Microsoft 365 environment. It describes ADatum's network, users, devices, Intune configuration, and Windows Autopilot configuration. It also lists some planned changes and technical requirements. The case study is presented as a series of questions to test the reader's understanding.

Uploaded by

Raducu Ciprian Gheorghita

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views217 pages

MD - 102 (1 - 147)

Uploaded by

Raducu Ciprian Gheorghita

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 217

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.

com/exams/microsoft/md-102/custom-view/

Question #1 Topic 1

HOTSPOT -

Case study -

Overview -
ADatum Corporation is a consulting company that has a main o�ce in Montreal and branch o�ces in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft O�ce 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.

Devices -
ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are con�gured as shown in the following table.

All the Azure AD joined devices have an executable �le named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Con�guration -

Microsoft Intune has the compliance policies shown in the following table.

2 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The Automatic Enrollment settings have the following con�gurations:

MDM user scope: GroupA -

MAM user scope: GroupB -

You have an Endpoint protection con�guration pro�le that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Con�guration -

ADatum has a Windows Autopilot deployment pro�le con�gured as shown in the following exhibit.

3 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -
ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary con�guration pro�le that will have the following settings:

Name: Boundary1 -
Network boundary: 192.168.1.0/24

Scope tags: Tag1 -

Assignments:

4 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Included groups: Group1, Group2 -

Deploy two VPN con�guration pro�les named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -

Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -

Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

  volto Highly Voted  1 month, 3 weeks ago

1. No - only C:\*\AppA.exe can create file in this folder.
2. Yes - Local administrators can delete folder form protected folders list .
3. No - Global Reader haven't privileges to run something on enrolled computers.
upvoted 12 times

  Futfuyfyjfj 3 weeks, 1 day ago

5 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The global reader could sign in to a device and according to the Autopilot profile he will be a standard user locally. However being a standard
Questionuser
#2 still allows to open a non elevated PS window and create a file, tested this, so should be NYY. Topic 1
upvoted 5 times
  deit Highly Voted  1 month, 3 weeks ago
Case study -
I think it's
1. No - only C:\*\AppA.exe can create file in this folder.
2. Yes - Local administrators can delete folder form protected folders list .
3. Yes - Desktop is not a folder protected by default. User can log in to computer and create files in his desktop.
Overview -
upvoted 6 times
ADatum Corporation is a consulting company that has a main o�ce in Montreal and branch o�ces in Seattle and New York.
  Futfuyfyjfj 1 month ago
ADatum has a Microsoft 365 E5 subscription.
I tested this, my situation was not 100% equal, but thuis seems to be right. With non elavated PS I could create a txt file.
upvoted 2 times

  SK_DT-
Environment Most Recent  22 hours, 44 minutes ago
Out of date
upvoted 1 times
Network Environment -
 network
The  majerzg 1 day, 11
contains an hours ago
on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
2. The question is: user2 can remove D:\Folder1 from the list of protected folders, not - he can remove it from the disk on Device2.
upvoted 1 times

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

Devices -
ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are con�gured as shown in the following table.

All the Azure AD joined devices have an executable �le named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Con�guration -

Microsoft Intune has the compliance policies shown in the following table.

6 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The Automatic Enrollment settings have the following con�gurations:

MDM user scope: GroupA -

MAM user scope: GroupB -

You have an Endpoint protection con�guration pro�le that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1

Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Con�guration -

ADatum has a Windows Autopilot deployment pro�le con�gured as shown in the following exhibit.

7 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Name: Boundary1 -
Network boundary: 192.168.1.0/24

8 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Scope tags: Tag1 -

Assignments:

Included groups: Group1, Group2 -

Deploy two VPN con�guration pro�les named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -

Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -

Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.

Which devices are registered by using the Windows Autopilot deployment service?

A. Device1 only

B. Device3 only

C. Device1 and Device3 only

D. Device1, Device2, and Device3

Correct Answer: C

Community vote distribution

A (94%) 6%

  volto Highly Voted  1 month, 3 weeks ago

Selected Answer: A
It worries me that there is so much irrelevant information in this question. But let's focus on the answer.
"Currently, there are no devices deployed by using Windows Autopilot." But in autopilot profile, they mark option "Convert all targeted devices to
Autopilot - yes". It means "register all targeted devices to Autopilot if they are not already registered" "The setting only registers the devices in the
assigned group(s) for the Autopilot service"
Autopilot profile is assigned to Group1 exclude Group2 -> Device 1 and Device 3.
But we still have additional requirements:
- Running a supported version of Windows - Device 1 and 3
- Enrolled in an MDM service such as Intune - Device 1 and 3
- A corporate device that's not already registered with Autopilot - only Device 1.
In my opinion, the correct answer is A

9 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 12 times

  ansilva Most Recent  1 day, 2 hours ago

A seems to be correct based on this:

"If you want all devices in the assigned groups to automatically register to Autopilot, set Convert all targeted devices to Autopilot to Yes. All
corporate owned, non-Autopilot devices in assigned groups register with the Autopilot deployment service. Personally owned devices aren't
registered to Autopilot. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot enrolls it again.
After a device is registered in this way, disabling this setting or removing the profile assignment won't remove the device from the Autopilot
deployment service. You must instead remove the device directly"
upvoted 1 times

  RabbitB 6 days, 15 hours ago

Selected Answer: C
Autopilot configuration assigned group
included - Group1
excluded - Group2

exclude always wins to include.

So that Device 2 is excluded and Device 1 and Device 3 are remained.
Answer is C.
upvoted 1 times

  Valavan 5 days, 4 hours ago

Device3 is neither in both the goups
upvoted 1 times

  Valavan 5 days, 4 hours ago

Sorry Device 3 is personal device??
upvoted 1 times

  picho707 1 month ago

This question is so vague. Is the device registered in Intune? if it is not, the Autopilot policy will not apply.
upvoted 1 times

  Futfuyfyjfj 2 weeks, 4 days ago

‘ The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.’
upvoted 1 times

  NoursBear 1 month, 1 week ago

I was also inclined to think only A was correct but the key in the Autopilot policy here is:
"autopilot convert all targeted devices to autopilot"
The personally owned device won't be restaged but just registered. The key here in the question is "which devices will be registered".
I think A and C
upvoted 2 times

  Ferric 3 weeks, 1 day ago

Only corporate owned devices are affected by the "Convert all" setting
https://learn.microsoft.com/en-us/autopilot/profiles#create-an-autopilot-deployment-profile
upvoted 4 times

  Futfuyfyjfj 1 month ago

No the Key here is ‘personally owned’, that’s why Device 3 isn’t AP enabled.
upvoted 2 times

  VirtualJP 1 month, 1 week ago

Selected Answer: A
Another typical misleading question, but in my opinion the closest matching answer would be A
upvoted 2 times

  pinda 1 month, 2 weeks ago

A, device 3 is a personal device
upvoted 3 times

  krzysztofbr 1 month, 3 weeks ago

Selected Answer: A
its pretty simple. device 3 is personally owned, can't be IN autopilot.
so is only one possible answer A
upvoted 2 times

  BossAceVentura 1 month, 3 weeks ago

Answer is correct by exam topics - yes there is irrelevant information in the question.
Group 1 - Has the autopilot profile assigned
Group 2 - Excluded from autopilot

10 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

This leaves device 1 & 3 with the ability to make use of autopilot
Question #3 1 times
upvoted Topic 1

  Valavan 5 days, 4 hours ago

HOTSPOT -
Device 3 is personal not company owned
upvoted 1 times
Case study -
  Futfuyfyjfj 1 month ago
No the Key here is ‘personally owned’, that’s why Device 3 isn’t AP enabled.
Overviewupvoted
- 1 times
ADatum Corporation is 1amonth,
  ExamKiller020 consulting company
4 weeks ago that has a main o�ce in Montreal and branch o�ces in Seattle and New York.
ADatum has
Bit of a Microsoft
a vague 365 E5
question. subscription.
It states: 'Currently, there are no devices deployed by using Windows Autopilot'.
There is no way of knowing if and what devices are 'registered' to autopilot. The deployment profile is assigned after the fact that a device is
registered to autopilot (assuming the correct group is assigned etc). Please correct me if I am missing something.
Environment -
upvoted 1 times

  ExamKiller020 3 weeks, 1 day ago

Network Environment -
I missed the 'Convert all targeted devices to Autopilot' in the autopilot configuration.
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
Answer is A
upvoted 2 times

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

The adatum.com tenant contains the users shown in the following table.

Devices -
ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are con�gured as shown in the following table.

All the Azure AD joined devices have an executable �le named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Con�guration -

Microsoft Intune has the compliance policies shown in the following table.

11 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The Automatic Enrollment settings have the following con�gurations:

MDM user scope: GroupA -

MAM user scope: GroupB -

You have an Endpoint protection con�guration pro�le that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Con�guration -

ADatum has a Windows Autopilot deployment pro�le con�gured as shown in the following exhibit.

12 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Name: Boundary1 -
Network boundary: 192.168.1.0/24

Scope tags: Tag1 -

Assignments:

13 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Included groups: Group1, Group2 -

Deploy two VPN con�guration pro�les named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -

Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -

Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Correct Answer:

  sh123df Highly Voted  1 month, 3 weeks ago

No
No
Yes
Answer is correct
upvoted 9 times

14 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  krzysztofbr 1 month, 3 weeks ago

wrong answer!
upvoted 1 times

  Futfuyfyjfj 1 month ago

It’s correct. Device with no policies are marked as compliant based in the setting in the image. Furthermore policy 1 & 2 are assigned both to
group 1, so device 1 can’t be compliant
upvoted 6 times
  Contactfornitish Most Recent  8 hours ago
Device 1 would not be compliant since Policy 2 would fail for that
Device 4 (yes registered device can be checked for compliance, though no profile possible) is not compliant
Device 5 would be compliant since group 3 is getting no policy and no policy means compliant

No, No, yes

upvoted 1 times

  picho707 3 days, 4 hours ago

Can someone explain why Device4 is is a "No"
It appears to me that the device is personally owned so the policy will not apply meaning that using these backward settings may be a "Yes".
I am under the understanding that compliance policies require devices to be Azure Ad Joined to be able to properly report compliance results.
upvoted 1 times

  FrenchDuck 3 weeks, 5 days ago

So for Device 1 it's a Yes bc the way it's arranged, from my understanding, Group one only needs either or to be marked as compliant. Compared
to Device 2\group 2, it explicitly states it needs Bitlocker AND Secure boot, hence why it's a Not Compliant for me. Device 5 \ group 3 however , it's
up to interpretation based on what Ive read in MS Learn so I'm going with Not Compliant based on here:
https://learn.microsoft.com/en-us/training/modules/implement-device-compliance/4-deploy-policy
upvoted 2 times

  Futfuyfyjfj 3 weeks, 1 day ago

In stead of what you are writing you mean it’s a No?
upvoted 1 times

  picho707 1 month ago

These answers are so backward. I will fire the Intune administrator for configuring something like this.
upvoted 4 times

  NoursBear 1 month, 1 week ago

Well I was going for Yes No Yes because a device without a compliant policy is to be marked as compliant, so I don't know now as no one is
thinking like me
upvoted 4 times

  Futfuyfyjfj 3 weeks, 1 day ago

But device1 is assigned to 2 policies, which makes a No for device 1….
upvoted 2 times

  ShiftDeL 1 month, 1 week ago

No
No
Yes for device 5 as :"Mark devices with no compliance policy assigned as: Compliant" has been configured.
upvoted 2 times

  VirtualJP 1 month, 1 week ago

I'm going with:
No
No
Yes
upvoted 3 times

  krzysztofbr 1 month, 3 weeks ago

Guys, so many wrong answers in the comments below!!
BossAceVentura: your comment is correct.
"Yes - Device is part of group 1 which require only Bitlocker
No - Requires both bitlocker and secure boot
No - there is no group 3 policy"
upvoted 2 times

  Futfuyfyjfj 1 month ago

Lol, you are wrong: Mark devices with no compliance policy assigned as: Compliant" has been configured.
upvoted 2 times

  BossAceVentura 1 month, 3 weeks ago

Yes - Device is part of group 1 which require only Bitlocker
No - Requires both bitlocker and secure boot
No - there is no group 3 policy

15 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 4 times
Question #4 Topic 1
  Futfuyfyjfj 1 month ago
Wrong: Mark devices with no compliance policy assigned as: Compliant" has been configured.
Case study -
upvoted 1 times

 - krzysztofbr 1 month, 3 weeks ago

Overview
hmm I checked answer again
ADatum Corporation is a consulting company that has a main o�ce in Montreal and branch o�ces in Seattle and New York.
about device 1 there is a conflict of two different compliance policies, group1 has two different compliance polices
ADatum"If
has a Microsoft 365
a compliance E5evaluates
policy subscription.
against the same setting in another compliance policy, then the most restrictive compliance policy setting
applies."
the answers
Environment
NO -
NO
NO
Network Environment -
upvoted 1 times
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
  Futfuyfyjfj 1 month, 3 weeks ago
Wrong group 1 is assigned to Policy 1 AND policy 2. So members of group 1 are required to have bitlocker enabled and secure boot.
Furthermore device 5 isn’t assigned to Andy compliance policy. The image of the default compliance policy shows these kind of Devices are
considered Compliant.
upvoted 1 times
ADatum has a hybrid Azure AD tenant named adatum.com.
  Joe9011 1 month, 3 weeks ago
UsersShould Device- 1 not be "yes"? Its a member of group1 which require BitLocker only, which it has?
and Groups
upvoted 2 times
The adatum.com tenant contains the users shown in the following table.
  Joe9011 1 month, 3 weeks ago
Nvm, on 2nd read-through seen that Policy 2 is applied to Group1 which requires Secure boot.
No
No
Yes
All users upvoted 4 timesa Microsoft O�ce 365 license and an Enterprise Mobility + Security E3 license.
are assigned
Enterprise
 State Roaming is
 krzysztofbr enabled
1 month, for Group1
3 weeks ago and GroupA.
Group1 anddevice
Group25 have a Membership
this impossible. type
there of Assigned.
is no Group 3 policy. Im thinking about device 1
upvoted 1 times
Devices -
  Futfuyfyjfj 3 weeks, 1 day ago
ADatum has the Windows
Device with10
nodevices
policiesshown in the following
are marked table.
as compliant based in the setting in the image. Furthermore policy 1 & 2 are assigned both to group
1, so device 1 can’t be compliant
upvoted 3 times

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are con�gured as shown in the following table.

All the Azure AD joined devices have an executable �le named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Con�guration -

Microsoft Intune has the compliance policies shown in the following table.

16 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The Automatic Enrollment settings have the following con�gurations:

MDM user scope: GroupA -

MAM user scope: GroupB -

You have an Endpoint protection con�guration pro�le that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Con�guration -

ADatum has a Windows Autopilot deployment pro�le con�gured as shown in the following exhibit.

17 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements -

Name: Boundary1 -
Network boundary: 192.168.1.0/24

Scope tags: Tag1 -

Assignments:

18 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Included groups: Group1, Group2 -

Deploy two VPN con�guration pro�les named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -

Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -

Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?

A. Device2 only

B. Device3 only

C. Device1, Device2, and Device5 only

D. Device1, Device2, Device3, and Device4 only

Correct Answer: B

Community vote distribution

D (95%) 5%

  letters1234 Highly Voted  1 month, 2 weeks ago

Selected Answer: D
Both Personal and Corporate devices can be enrolled to Intune, the network boundary can be assigned to enrolled Windows 10/11 devices.
https://learn.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows

The Boundary is assigned to Group 1 & 2, Devices 1,2,3 and 4 have membership to these groups. Device 5 is not part of the membership for Group
1 & 2 so doesnt receive the policy.
upvoted 11 times

  deinth Highly Voted  1 month, 4 weeks ago

Selected Answer: D
I think it should be D. As the boundary group is asigned to Group 1 and 2
upvoted 7 times

  volto 1 month, 3 weeks ago

Not only group membership defines assignment, but also scope tags. Device 3 belongs to Group 1 and has the correct scope tag.
The correct answer is B
upvoted 6 times

19 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  letters1234 1 month, 2 weeks ago

Question #5 Topic 1
Scope tags are: "You can use role-based access control and scope tags to make sure that the right admins have the right access and visibility
to the right Intune objects."
https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags
HOTSPOT -
You have a ItMicrosoft
isn't used forsubscription.
365 deployment/assignment to users or devices. Only administration.
upvotedIntune
You use Microsoft 9 timesSuite to manage devices.
 the
You have Joe9011
iOS app1 protection
month, 3 weeks ago
policy shown in the following exhibit.
I read it the same
upvoted 1 times

  NoursBear Most Recent  1 month, 1 week ago

Selected Answer: B
Only Device 3 hast Scope Tag Tag1
upvoted 1 times

  Rocky83 4 days ago

Tags have nothing to do with it, you need to study a little more champs.
upvoted 1 times

  Futfuyfyjfj 2 weeks, 2 days ago

You obviously don’t know what scope tags are and how to use them…
upvoted 4 times

  BossAceVentura 1 month, 3 weeks ago

Answer is D - Group 1 and 2 is part of group A - which is part of the device assignment
upvoted 4 times

  ismaelo 1 month, 3 weeks ago

Las etiquetas de ámbito determinan qué objetos pueden ver los administradores, no que politica o restricción aplica a los dispositivos. Para mí la
respuesta correcta es la D.
https://learn.microsoft.com/es-es/mem/intune/fundamentals/scope-tags
upvoted
Use the 2 timesmenus to select the answer choice that completes each statement based on the information presented in the graphic.
drop-down
NOTE:
  Each correct selection is worth one point.
sh123df 1 month, 3 weeks ago
If looking at scope tag so answer is correct.
upvoted 3 times

  Futfuyfyjfj 3 weeks, 1 day ago

Scope tags doesn’t matter in case of device assignments
upvoted 3 times

Correct Answer:

  krzysztofbr Highly Voted  1 month, 3 weeks ago

pin and account credentials
reset app pin NOT device pin
upvoted 15 times

  Grg433 1 month ago

yes , it should be 'rest app pin' no ?
upvoted 2 times

20 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Rewound Highly Voted  1 month, 3 weeks ago

How would iOS APP protection policy reset DEVICE PIN?
upvoted 6 times

  Temptset Most Recent  6 days, 9 hours ago

1. PIN and account credentials
2. Reset the app PIN

1. EXPLANATION (PIN and account credentials)

Select Require to require the user to sign in with their work or school account instead of entering a PIN for app access. If you set this to Require,
and PIN or biometric prompts are turned on, both corporate credentials and either the PIN or biometric prompts are shown.

SOURCE: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#access-requirements

2. EXPLANATION (Reset the app PIN)

It's an APP protection policy, meaning the settings CAN'T apply to the device layer/level. An app policy is only allowed to utilize services on a
device, but can't change device configurations.
upvoted 2 times

  Suresh_2411 6 days, 15 hours ago

Pin and account credentials
Reset APP pin (since it is a app protection policy)
upvoted 2 times

  NoursBear 1 month, 1 week ago

For the second question I think Device Pin is correct:
From Microsoft:
Timeout (minutes of inactivity)
Specify a time in minutes after which either a passcode or numeric (as configured) PIN will override the use of a fingerprint or face as method of
access. This timeout value should be greater than the value specified under 'Recheck the access requirements after (minutes of inactivity)'.
It's inactivity of the device not of an app
upvoted 1 times

  NoursBear 1 month, 1 week ago

sorry my bad, App PIN... I misread something
upvoted 5 times

  VirtualJP 1 month, 1 week ago

I'm going with krzysztofbr's answer
upvoted 2 times

  letters1234 1 month, 2 weeks ago

Credential and PIN (or Biometrics if configured) will be required when re-check is done.

Work or school account credentials for access

https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#access-requirements

And yes, just App PIN reset as device is not workplace joined/managed, only app protection policy.
upvoted 4 times

  Futfuyfyjfj 1 month, 2 weeks ago

If you set this to Require, and PIN or biometric prompts are turned on, both corporate credentials and either the PIN or biometric prompts are
shown.
upvoted 2 times

  ansilva 1 month, 3 weeks ago

this would reset the app pin not the device pin
upvoted 3 times

21 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #6 Topic 1

DRAG DROP -
You have a Microsoft 365 E5 subscription and a computer that runs Windows 11.
You need to create a customized installation of Microsoft 365 Apps for enterprise.
Which four actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and
arrange them in the correct order.

Correct Answer:

  casti Highly Voted  2 months ago

The correct answer is:
1. Download ODT application
2. Create a configuration file (XML)
3. setup.exe /download to download the installation files
4. setup.exe /configure to deploy the application

https://learn.microsoft.com/en-us/deployoffice/deploy-microsoft-365-apps-local-source
1. Download ODT application
2. Create a configuration file (XML)
3. setup.exe /download to download the installation files
4. setup.exe /configure to deploy the application
https://learn.microsoft.com/en-us/deployoffice/deploy-microsoft-365-apps-local-source
https://learn.microsoft.com/en-us/deployoffice/overview-office-deployment-tool#download-the-installation-files-for-microsoft-365-apps
upvoted 27 times

  ZaFletch Most Recent  3 days, 7 hours ago

The packager switch creates an App-V package, which is not mentioned in the question and would in no way be possible before downloading ODT.
Are the answers deliberately wrong here? That seems mental.
upvoted 1 times

22 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  tempelier1975 3 weeks, 1 day ago

A mod need to edit this. Shown solution is not right!
The correct answer is:
1. Download ODT app
2. Create a configuration file (XML)
3. setup.exe /download to download the install files
4. setup.exe /configure to install
upvoted 2 times

  NoursBear 1 month, 1 week ago

Can't understand how the official answer could be so wrong. The correct way was obvious to everyone here.
upvoted 2 times

  letters1234 1 month, 2 weeks ago

casti is right, cant have the xml to edit if you havent got the ODT downloaded (it comes part of the exe unzipping)
upvoted 2 times

  GaloCO 2 months ago

The order of those steps re wrong
upvoted 1 times

  GaloCO 2 months ago

1. Download ODT application
2. Create a configuration file (XML)
3. setup.exe /download to download the installation files
4. setup.exe /configure to deploy the application
upvoted 4 times

23 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #7 Topic 1

You have devices enrolled in Microsoft Intune as shown in the following table.

On which devices can you apply app con�guration policies?

A. Device2 only

B. Device1 and Device2 only

C. Device3 and Device4 only

D. Device2, Device3, and Device4 only

E. Device1, Device2, Device3, and Device4

Correct Answer: C

Community vote distribution

C (100%)

  volto Highly Voted  1 month, 3 weeks ago

Selected Answer: C
iOS and Android only
upvoted 11 times

  krzysztofbr 1 month, 2 weeks ago

app configuration exist also for Windows but in preview. I hope exam measure features not in preview. so i Agree wit You
upvoted 1 times

  Futfuyfyjfj 1 month ago

No you are referring to app PROTECTION policies. Question is about app CONFIGURATION policies
upvoted 1 times

  krzysztofbr Highly Voted  1 month, 4 weeks ago

was for Android and IOS only not for Windows:)
upvoted 5 times

  Jacob75 Most Recent  2 weeks, 6 days ago

Selected Answer: C
The answer is C --
"You can create and use app configuration policies to provide configuration settings for both iOS/iPadOS or Android apps."

https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview
upvoted 2 times

  ChrisMD102 1 month ago

Just checked my intune admin center and the correct answer is device 3 and 4 only
upvoted 2 times

  JGMG 1 month ago

The answer is:
E. Device1, Device2, Device3, and Device4.

App configuration policies can be applied to all managed devices, regardless of the platform. Managed devices are devices that are enrolled in
Microsoft Intune and have a management profile installed. In this case, all four devices are managed devices, so app configuration policies can be
applied to all of them.

Here is a breakdown of the different platforms and whether they can be managed by Intune:

Windows 10 and Windows 11: Yes

Android: Yes
iOS: Yes
macOS: No
Linux: No
So the correct answer is E.

24 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 1 times

  Futfuyfyjfj 1 month ago

Wrong, take a look yourself Intune-Apps-app configuration policies and try to create one , you will see you are wrong
upvoted 1 times
  krzysztofbr 1 month, 4 weeks ago
bit confusing. just because in the past app protection was for Android and Windows only
now in preview We have app protection for Windows
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview
https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-windows

but answer C just because exam was launched eariel than new feautures regardin MAM for Windows
upvoted 2 times

  volto 1 month, 3 weeks ago

App protection policies != App configuration policies
upvoted 2 times

  Futfuyfyjfj 1 month, 2 weeks ago

Those two are different configurations, don’t confuse them. It’s in the name.
upvoted 3 times

25 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #8 Topic 1

HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.

All devices contain an app named App1 and are enrolled in Microsoft Intune.
You need to prevent users from copying data from App1 and pasting the data into other apps.
Which type of policy and how many policies should you create in Intune? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  FrenchDuck 4 weeks ago

Since it mentioned Intune apps, it implies apps possibly managed by Intune, so I am thinking 2 possible scenarios as to why it's 3 policies: 1) for
enrolled, un-enrolled, and Windows devices or 2) for the different platforms (even though windows has Windows-Information Protection instead of
Intune)
upvoted 1 times

  NoursBear 1 month, 1 week ago

I think the number of policies is 2 because in the WIP Policy I cannot find an entry to prevent copy/paste between apps, I see this setting only in
Android/iOS Policies. I saw other options about receiving data but that was something else. Well that's my take on it.
upvoted 1 times

  NoursBear 1 month, 1 week ago

OK I finally found what I was looking for about WIP:
Using protected apps. Managed apps (apps that you've included on the Protected apps list in your WIP policy) are allowed to access your
enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP
management is set to Block, your employees can copy and paste from one protected app to another protected app, but not to personal apps.
Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but
makes a mistake and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn't
paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem.
But I just could not find the option within the policy itself. So 3 Policies it is.
upvoted 5 times

26 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  letters1234 1 month, 2 weeks ago

Windows Information Protection can be configured under App Protection Policies and has been around for a while, it's going to be replaced with
Purview Information Protection though. So three sounds right to me based on the amount of options in protection policies.
https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-
azure
upvoted 3 times

  F3RRY 1 month, 3 weeks ago

But why is the minimum 3?
upvoted 1 times

  Futfuyfyjfj 1 month, 2 weeks ago

one for each platform
upvoted 2 times

  krzysztofbr 1 month, 3 weeks ago

should be two. for Android and IOS only. protection for Windows is something pretty new. still in preview
upvoted 1 times

  Futfuyfyjfj 3 weeks, 1 day ago

Should be 3, windows information protection is often called app protection policies. The exam isn’t already adjusted on the recently released
Windows App Protection Policies for Edge only.
upvoted 2 times

  krzysztofbr 1 month, 4 weeks ago

answer seems be correct. just beacuse We also have protection for Windows but this is in PREVIEW
https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-windows
upvoted 1 times

  Futfuyfyjfj 1 month, 2 weeks ago

They are referring to Windows Information Protection, it is there for quite Some time already and de deprecation was already announced, take a
look in your Intune portal under app protection politiek
upvoted 1 times

27 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #9 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.
From the Intune admin center, you create and deploy two Windows app (Win32) apps.
You need to ensure that App1 is installed before App2 on every device.
What should you con�gure?

A. the App1 deployment con�gurations

B. a dynamic device group

C. a detection rule

D. the App2 deployment con�gurations

Correct Answer: C

Community vote distribution

D (100%)

  _WTH_ Highly Voted  2 months ago

correct answer is D. with a detection rule app2 could install before app1, intune would simply call app2 a failed install due to app1 not being
detected. the correct answer is app2 deployment configuration (must list app1 as a requirement or dependency) surely?
upvoted 15 times

  GarySappig 1 month, 4 weeks ago

Think so as well.

Detection rule is only so that Intune know that the application is correctly installed. With SCCM for example, even when the deteciton rule is
configured incorretly the application still installs, you only get a failure to detect if it's installed correctly.

Requirement or a dependency would be a better option to be sure that APP1 is installed.

upvoted 1 times

  ZaFletch Highly Voted  1 month, 3 weeks ago

Selected Answer: D
Detection rule won't work here. Detection rules are to confirm the app is or is not installed on the machine. If you configured it to detect the prior
install then it will mark app2 as installed and take no further action.

You need a dependency on app2 that will detect app1 then install app1
upvoted 5 times

  Praveenm2712 Most Recent  1 week, 1 day ago

D is correct as you need to add dependency.
upvoted 1 times

  norelissme 2 weeks, 3 days ago

Selected Answer: D
D is correct
upvoted 1 times

  ExamKiller020 3 weeks, 1 day ago

Answer is D. But don't use the detection rule methode as some other mentioned. Use the dependency option in intune. Detection rule is to check if
the application installed succesfully. You would have no idea if the seconde app installed succesfully.
upvoted 1 times

  _WTH_ 3 weeks, 6 days ago

Selected Answer: D
correct answer is D
upvoted 1 times

  AryViegas 1 month, 1 week ago

A é a correta.
upvoted 1 times

  Mavrix 1 month, 2 weeks ago

28 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Selected Answer: D
Detection rules in Win32 apps are telling Intune how to tell if the application has been installed or not. Configure a dependency in the win32 app
deployment screen even has this wording:
"Software dependencies are applications that must be installed before this application can be installed"

Configure App1 first so that it'll be selectable in the dependencies section

upvoted 1 times
  letters1234 1 month, 2 weeks ago
Selected Answer: D
D correct
upvoted 2 times

  blacky14 1 month, 3 weeks ago

Selected Answer: D
D is correct
upvoted 3 times

  Sprocket10 1 month, 4 weeks ago

Selected Answer: D
correct answer is D
upvoted 5 times

  casti 1 month, 4 weeks ago

Checked in my test environment. It is possible to configure the detection rule, to install (or not) checking that a registry key exists (or not)
Therefore, in the application that is installed second, the detection rule can be set so that it is not installed until there is a registry key that creates
the installation of the first App.
upvoted 1 times

  Futfuyfyjfj 1 month, 2 weeks ago

I think you are mistaking, detection rules in the Win32 app config solely serve the application installation detection. It is not meant to create
depedencies or aan app install order:
https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add#step-4-detection-rules
D is correct
upvoted 3 times

  casti 1 month, 4 weeks ago

C it,s Correct
upvoted 2 times

29 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #10 Topic 1

You have a Microsoft Intune subscription.

You have devices enrolled in Intune as shown in the following table.

An app named App1 is installed on each device.

What is the minimum number of app con�guration policies required to manage App1?

A. 1

B. 2

C. 3

D. 4

E. 5

Correct Answer: B

Community vote distribution

B (100%)

  krzysztofbr Highly Voted  1 month, 3 weeks ago

Selected Answer: B
answer B is correct You need app protection for both platforms, separately
upvoted 5 times

  Futfuyfyjfj 1 month, 2 weeks ago

Correct, although the answer remains the same, the question is about app configuration policies, not app protection policies :-)
upvoted 2 times

30 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #11 Topic 1

You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.
You need to deploy a custom line-of-business (LOB) app to the devices by using Intune.
Which extension should you select for the app package �le?

A. .intunemac

B. .ipa

C. .apk

D. .appx

Correct Answer: B

Community vote distribution

B (100%)

  krzysztofbr Highly Voted  1 month, 3 weeks ago

Selected Answer: B
B correct IPA (like beer:))
https://learn.microsoft.com/en-us/mem/intune/apps/lob-apps-ios
upvoted 10 times

  Gr8Greet Most Recent  2 months ago

Selected Answer: B
correct
upvoted 2 times

  casti 2 months ago

Seems correct: https://learn.microsoft.com/en-us/mem/intune/apps/lob-apps-ios
upvoted 3 times

31 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #12 Topic 1

You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.
App1 must only accept modern authentication requests.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:

Assignments -
Users or workload identities: User1

Cloud apps or actions: App1 -

Access controls -

Grant: Block access -

You need to block only legacy authentication requests to App1.
Which condition should you add to CAPolicy1?

A. Filter for devices

B. Device platforms

C. User risk

D. Sign-in risk

E. Client apps

Correct Answer: E

Community vote distribution

E (100%)

  Gr8Greet Highly Voted  2 months ago

Selected Answer: E
Seems to be correct.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
upvoted 8 times

  mhmyz Most Recent  3 days, 10 hours ago

Selected Answer: E
Correct
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy
upvoted 1 times

  poppinaz 1 week, 1 day ago

Correct
upvoted 1 times

  Rocky83 1 week, 5 days ago

Selected Answer: E
Correct
upvoted 1 times

  pinda 2 weeks, 3 days ago

Selected Answer: E
Correct
upvoted 1 times

32 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #13 Topic 1

HOTSPOT -
All users have Microsoft 365 apps deployed.
You need to con�gure Microsoft 365 apps to meet the following requirements:
Enable the automatic installation of WebView2 Runtime.
Prevent users from submitting feedback.
Which two settings should you con�gure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  ExamKiller020 3 weeks, 1 day ago

Given answer is correct:
Enable the automatic installation of WebView2 Runtime > Device Configuration > Modern Apps Settings

33 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Prevent users from submitting feedback > Policy management

upvoted 2 times

  ronct 4 weeks, 1 day ago

i verified this in the admin center at config.office.com and it is correct
upvoted 2 times

  NoursBear 1 month, 1 week ago

I don't understand Microsoft 365 apps is not covered anywhere in the MD102 course
upvoted 3 times

34 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #14 Topic 1

You have a Microsoft 365 subscription.

You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).
You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers.
What should you do?

A. From the Microsoft Intune admin center, create a Windows 10 device pro�le.

B. From Azure AD, add an app registration.

C. From Azure AD, add an enterprise application.

D. From the Microsoft Intune admin center, add an app.

Correct Answer: A

Community vote distribution

D (100%)

  Gr8Greet Highly Voted  2 months ago

Selected Answer: D
It should be D.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-office365#select-microsoft-365-apps
upvoted 13 times

  ZaFletch Most Recent  3 days, 7 hours ago

Selected Answer: D
It's pretty clearly D
upvoted 1 times

  ExamDumpEnjoyer 1 week ago

Selected Answer: D
https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-office365#select-microsoft-365-apps
upvoted 1 times

  Rocky83 1 week, 5 days ago

Selected Answer: D
Admin please change the answer.
upvoted 1 times

  zeos_ucok 2 weeks ago

Selected Answer: D
https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-office365#select-microsoft-365-apps
upvoted 1 times

  Rocky83 2 weeks, 5 days ago

Selected Answer: D
I would like a very good explanation why A
upvoted 4 times

  HN99 3 weeks, 1 day ago

Selected Answer: D
D is correct
upvoted 1 times

  minniesj 3 weeks, 5 days ago

Selected Answer: D
Answer is D
upvoted 1 times

  usmansyed23 1 month, 1 week ago

Selected Answer: D
https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-office365#select-microsoft-365-apps
upvoted 1 times

35 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  RAJKPB 1 month, 2 weeks ago

Selected Answer: D
D is the correct answer
upvoted 2 times

  ZaFletch 1 month, 3 weeks ago

Selected Answer: D
Who in the world put A here?
upvoted 4 times

  krzysztofbr 1 month, 4 weeks ago

answer D
upvoted 2 times

36 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #15 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been o�ine for 30 days.
You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned
by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.
What should you use?

A. a Delete action

B. a Retire action

C. a Fresh Start action

D. an Autopilot Reset action

Correct Answer: B

Community vote distribution

A (74%) B (26%)

  ExamKiller020 Highly Voted  3 weeks, 1 day ago

Selected Answer: A
The clue in this question is: You need to remove Device1 from Intune immediately

So basically the only option that is left is 'delete' as this instantly removes the device from intune and only removes company data.

ref: https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-admin-center
upvoted 6 times

  ansilva Most Recent  2 days, 2 hours ago

Theres contradictory statements in this questions. "Remove immediately" makes me think its also A but if the question also says "personal data
must be retained" the only option that provides that is retire. Wiping the device removes both personal and company data which is not what the
question stated as a requirement.
upvoted 1 times

  Rocky83 1 week, 5 days ago

Selected Answer: A
Delete
If you want to remove devices from the Intune admin center, you can delete them from the specific device pane. The next time the device checks
in, any company data on it will be removed as Intune also retires a device when deleting it from the admin center.
upvoted 2 times

  zeos_ucok 2 weeks ago

Selected Answer: B
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
When you use the Retire device action, the user's personal data is not removed from the device.
upvoted 1 times

  pinda 2 weeks, 3 days ago

Selected Answer: B
The Retire action in Intune is designed to gracefully remove a device from management. When a device is retired, it will remove the company data
and settings while preserving user data, personal apps, and OEM-installed apps. If the device checks in again, it won't trigger a wipe of user data
and personal apps.
upvoted 2 times

  pinda 2 weeks, 3 days ago

Selected Answer: B
"retire" removes the corperate date
upvoted 1 times

  Thesa7 2 weeks, 5 days ago

For me it should be B "Retire". Intune Profile will be remove immediate at the same time, personal apps is retained.
upvoted 1 times

  ronct 4 weeks, 1 day ago

Retire:

37 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The Retire action removes app data, settings, and Intune managed email profiles from the device12.
The device will still show up in Intune until the device checks in12.
Retire leaves users’ personal data on the device2.
If your device has an Autopilot hash assigned (Zero Touch ID, ZTDID) it will NOT be deleted from Azure AD2.
Delete:

Delete performs the same tasks that Retire does3.

However, it removes the device from the Intune “All devices” list immediately3.
If you want to remove stale devices immediately, use the Delete action instead12.

answer is A Delete
upvoted 2 times

  Grg433 1 month ago

Selected Answer: B
I think as question mentioned - User-installed apps, personal data, and OEM-installed apps must be retained. - for this we can choose 'retire'
: The Retire action is specifically designed to retire the device from Intune management. When you retire a device, it unenrolls from Intune, and
Intune removes the company data and apps that were deployed to the device while preserving user-installed apps, personal data, and OEM-
installed apps.
upvoted 2 times

  picho707 1 month ago

Delete will remove corporate and personal data. A is not the right answer.
upvoted 1 times

  Futfuyfyjfj 2 weeks, 2 days ago

Source?

As the question states "You need to remove Device1 from Intune immediately" I'd be inclined to go with option A as a delete yields: The next
time the device checks in, any company data on it will be removed as Intune also retires a device when deleting it. https://learn.microsoft.com
/en-us/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-admin-center
upvoted 1 times

  NoursBear 1 month, 1 week ago

A for me too
upvoted 1 times

  VirtualJP 1 month, 1 week ago

Selected Answer: A
As the question states "You need to remove Device1 from Intune immediately" I'd be inclined to go with option A as a delete yields: The next time
the device checks in, any company data on it will be removed as Intune also retires a device when deleting it.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-admin-center
upvoted 3 times

  VirtualJP 6 hours, 37 minutes ago

I am incorrect as I did not read the question properly.
It states "User-installed apps, personal data, and OEM-installed apps must be retained."
For this outcome, the answer would have to be "B"
upvoted 1 times

  letters1234 1 month, 2 weeks ago

Selected Answer: A
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#retire
"If you want to remove stale devices immediately, use the Delete action instead."

Otherwise, the device will stay in Intune console till your configured cleanup rule.
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

please read carefully question " The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are
removed"
answer B
upvoted 7 times

  Futfuyfyjfj 1 month ago

Reply carefully please:

From https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe " If you want to remove stale devices immediately, use
the Delete action instead" "If you want to remove devices from the Intune admin center, you can delete them from the specific device pane.
The next time the device checks in, any company data on it will be removed as Intune also retires a device when deleting it from the admin
center."
upvoted 2 times

  RAJKPB 1 month, 2 weeks ago

38 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Selected Answer: A
If you want to remove devices from the Intune admin center, you can delete them from the specific device pane.
The next time the device checks in, any company data on it will be removed as Intune also retires a device when deleting it from the admin center.
If you want to remove stale devices immediately, use the Delete action instead.
Delete will also issue the retire command but it will remove the device from the All devices list immediately
upvoted 2 times
  moshkoshbgosh 1 month, 3 weeks ago
Selected Answer: A
The requirement is immediate removal, so I would choose A instead.

From https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe

" If you want to remove stale devices immediately, use the Delete action instead"

"If you want to remove devices from the Intune admin center, you can delete them from the specific device pane. The next time the device checks
in, any company data on it will be removed as Intune also retires a device when deleting it from the admin center."
upvoted 2 times

  krzysztofbr 1 month, 3 weeks ago

NO, retire will be exactly the same fast as Wipe. and You will not erase personal data.
upvoted 2 times

  Futfuyfyjfj 1 month ago

Retire won’t delete the device immediatly as required
upvoted 1 times

  krzysztofbr 1 month, 4 weeks ago

answer B correct
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
upvoted 1 times

  Futfuyfyjfj 3 weeks, 1 day ago

From https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe " If you want to remove stale devices immediately, use the
Delete action instead" "If you want to remove devices from the Intune admin center, you can delete them from the specific device pane. The
next time the device checks in, any company data on it will be removed as Intune also retires a device when deleting it from the admin center."
upvoted 1 times

39 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #16 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to review the startup times and restart frequencies of the devices.
What should you use?

A. Azure Monitor

B. Intune Data Warehouse

C. Microsoft Defender for Endpoint

D. Endpoint analytics

Correct Answer: D

Community vote distribution

D (100%)

  krzysztofbr Highly Voted  1 month, 4 weeks ago

D seems correct
upvoted 5 times

  Futfuyfyjfj 1 month, 2 weeks ago

https://learn.microsoft.com/en-us/mem/analytics/startup-performance
upvoted 5 times

  pinda Most Recent  2 weeks, 3 days ago

Selected Answer: D
Correct
upvoted 2 times

40 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #17 Topic 1

HOTSPOT -
You have a Microsoft 365 E5 subscription.
You create a new update rings policy named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

41 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Rocky83 1 week, 5 days ago

Correct

Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices. Quality updates: Quality updates
are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time)
upvoted 3 times

  NoursBear 1 month ago

The answer is correct. The Quality updates will be published 30 days after market release, Feature Updates can have a value of upto 365 days.
For both "This period is in addition to any deferral period that is part of the service channel you select. " In this case it is presumed it is the normal
plebs channel.
Both answers are correct.
upvoted 2 times

  letters1234 1 month, 2 weeks ago

"The new policy starts the countdown for the update installation deadline from when the update is published plus any deferral."
https://learn.microsoft.com/en-us/windows/deployment/update/update-policies
The update is available to market, there is then a deferral of 30 days, which then makes it available for a device, once the device has found the
update there will be a deadline for 30 days to install and reboot. 60 days total.

Otherwise, the 30 day deadline and 30 day deferral would line up and all devices would be required to install and reboot same day.
upvoted 3 times

  krzysztofbr 1 month, 3 weeks ago

answer is correct
upvoted 1 times

  Sprocket10 1 month, 4 weeks ago

Immediately and 30 days seems correct to me.
Can be deffered for up to 30 days but must be installed within 30 days
upvoted 2 times

  Buzl 2 months ago

I think second box should be 60 days: deferral of 30 days for feature updates and then needs to be installed within the next 30 days
upvoted 2 times

  volto 1 month, 3 weeks ago

Deadline for updates means "Specifies the number of days a user has before (...) updates are installed on their devices automatically."
upvoted 1 times

42 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #18 Topic 1

You have computers that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is con�gured to collect all available
events from the Windows event logs.
The computers have the logged events shown in the following table.

Which events are collected in the Log Analytics workspace?

A. 1 only

B. 2 and 3 only

C. 1 and 3 only

D. 1, 2, and 4 only

E. 1, 2, 3, and 4

Correct Answer: D

Community vote distribution

D (100%)

  letters1234 Highly Voted  1 month, 2 weeks ago

Selected Answer: D
Need to be careful of the wording as well. "Success" is not an event log type. Critical. Warning, Error, Information and Verbose are the event log
types. There is Audit Success and Audit Failure in Security event logs (which cant be collected).

But in the scenario, there is no 2 & 4 option, so D.

upvoted 5 times

  krzysztofbr Most Recent  1 month, 3 weeks ago

Selected Answer: D
You can collect all logs except security
upvoted 2 times

  BossAceVentura 1 month, 3 weeks ago

They say all events in the question - Why not E ?
upvoted 1 times

  sh123df 1 month, 3 weeks ago

Answer is correct.
You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for Cloud
or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to collect security events.
upvoted 3 times

  Joe9011 1 month, 3 weeks ago

Why not eventid 3?
upvoted 1 times

  Joe9011 1 month, 3 weeks ago

Just looked it up, D is correct;

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

"You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for
Cloud or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to collect security events."
upvoted 3 times

  rmac 1 month, 3 weeks ago

you cannot collect security logs, from this page:
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for
Cloud or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to collect security events.

43 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 2 times

Question #19 Topic 1

You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work pro�le and is
enrolled in Microsoft Intune.
You need to con�gure the devices to run a single app in kiosk mode.
Which Con�guration settings should you modify in the device restrictions pro�le?

A. Users and Accounts

B. General

C. System security

D. Device experience

Correct Answer: D

Community vote distribution

D (100%)

  letters1234 Highly Voted  1 month, 2 weeks ago

Selected Answer: D
Currently Intune has
Home > Android > Configuration Profiles > Device Restrictions > Device Experience":
"Enrollment type - Dedicated" and "Kiosk Mode - Single App"
upvoted 10 times

  krzysztofbr 1 month, 2 weeks ago

thanks for this comment i agree
upvoted 4 times

  NoursBear Most Recent  1 month ago

I have thought long about this one. Basically initially you need to create an ios app for Defender itself and then deploy a policy for the settings, so
you would need to do C and D
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide&
viewFallbackFrom=o365-worldwide%20and%20deploying%20a%20policy
Another company with sample questions (probably the same as here) on a video also had C but I guess the same answer will always be C wherever
...
upvoted 1 times

  Futfuyfyjfj 1 month ago

I guess you are replying to the wrong question? Because what you are writing makes no sense at all.
upvoted 3 times

  NoursBear 1 month ago

D is correct. This is located unter "Android Enterprise", maybe some other people missed that this is for Android like me. However I didn't know
you would set mobile devices as Kiosk
upvoted 2 times

  Fortind1974 1 month, 1 week ago

Selected Answer: D
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work#device-experience
upvoted 1 times

  krzysztofbr 1 month, 3 weeks ago

Selected Answer: D
there is no correct answer LOL
under profile restriction, in INTUNE there is a tab called "KIOSK"
the closest answer is D but is still incorrect
upvoted 1 times

44 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #20 Topic 1

You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize
administrative effort.
What should you do?

A. Onboard the macOS devices to the Microsoft Purview compliance portal.

B. From the Microsoft Intune admin center, create a security baseline.

C. Install Defender for Endpoint on the macOS devices.

D. From the Microsoft Intune admin center, create a con�guration pro�le.

Correct Answer: C

Community vote distribution

D (100%)

  ronct Highly Voted  4 weeks, 1 day ago

The wording of the question is

You need to ensure that you CAN apply Microsoft Defender for Endpoint antivirus policies to the macOS devices.

that suggests you need to make the devices ABLE to receive the policies, not push the policies themselves. Creating a configuration profile alone
will not enable you to apply policies, Microsoft Defender for Endpoint needs to be installed and then you CAN apply policies.
upvoted 6 times

  BossAceVentura Highly Voted  1 month, 3 weeks ago

C wont minimize admin effort
Answer is D
upvoted 5 times

  Temptset Most Recent  5 days, 5 hours ago

Selected Answer: D
The answer has to be "D":
- Installing the client app (MDE) manually results in administrative overhead
- MDE can be deployed through the Intune portal by adding the app: MDE (macOS)
- Configuration policy does NOT equal to the configuration of MDE antivirus policies

Theoretically, this means you should NOT install the app (manually) due to administrative overhead it would cause, hence you should use Microsoft
Intune to deploy the app like any other app through the portal (add app).

Secondly, the most important key takeaway, even if you would install the MDE client app and have MDE antivirus policies configured, the policy still
wouldn't apply, because a configuration profile is required (for licensing purposes). The following documentation proves this:
upvoted 1 times

  Temptset 5 days, 5 hours ago

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide

To add the cherry on top for your own visualization, go to "Dean Ellerby MVP"'s YT account and watch both videos on MDE posted on the 18th
and 21th of August 23.
upvoted 1 times

  ZaFletch 1 month, 3 weeks ago

Selected Answer: D
The question asks to make sure you can apply policies to Defender.

In theory that will require C and D, if defender is not installed it can't apply policies.

If only one option is allowed then D, C on it's own won't allow policy, just installs the app.
D can apply policies, they'll have no effect if the app is not present but they will apply. Wording of the question implies that defender may already
be installed.

It's a poorly phrased question but D seems the best answer.

upvoted 4 times

  Gr8Greet 2 months ago

Selected Answer: D

45 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac
On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer
upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on New configuration profiles for
macOS Big Sur and newer versions of macOS.
upvoted 3 times

  Futfuyfyjfj 3 weeks, 1 day ago

But the question states:
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices.
So it’s not a matter of HOW to apply them (which config type i.e.) but how you can ENSURE that you CAN apply them. In this case I would say C,
without the client you can’t apply anything. Need to admit it’s a vague question
upvoted 4 times

46 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #21 Topic 1

You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.
You need to con�gure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative
effort.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. To con�gure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and con�gure the Windows Defender Antivirus settings.

B. To con�gure Microsoft Defender Firewall, create a device con�guration pro�le and con�gure the Device restrictions settings.

C. To con�gure Microsoft Defender Antivirus, create a device con�guration pro�le and con�gure the Endpoint protection settings.

D. To con�gure Microsoft Defender Antivirus, create a device con�guration pro�le and con�gure the Device restrictions settings.

E. To con�gure Microsoft Defender Firewall, create a device con�guration pro�le and con�gure the Endpoint protection settings.

F. To con�gure Microsoft Defender Firewall, create a Group Policy Object (GPO) and con�gure Windows Defender Firewall with Advanced
Security.

Correct Answer: CE

Community vote distribution

DE (52%) BC (26%) CE (22%)

  deinth Highly Voted  1 month, 2 weeks ago

Selected Answer: DE
for firewall E:
https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-
in-intune

for antiviurs D:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus
upvoted 9 times

  SalonaSahni 1 month, 1 week ago

DE is the Answer
D:Microsoft Defender Antivirus: Device config-Device Restrictions- It has 28-34 settings for Antivrus.
E: Microsoft Defender Firewall- Device config- Endpoint Protection (Global settings, netwok settings, Firewall rules)

I have cross checked the lab. THe Endpoint Protection does not have the option for MS Defender Antivirus.
upvoted 2 times

  Futfuyfyjfj 4 weeks, 1 day ago

Checked this in Intune and DE is the only correct aswer!
upvoted 1 times

  minasamy Highly Voted  1 month, 3 weeks ago

Selected Answer: BC
B and C are the correct answers :

B. Creating a device configuration profile and configuring the Device restrictions settings allows you to manage the Microsoft Defender Firewall
settings on your Azure AD joined Windows 10 devices through Microsoft Intune. This profile can help you configure and manage firewall rules and
settings without the need for traditional Group Policy.

C. Creating a device configuration profile and configuring the Endpoint protection settings allows you to manage Microsoft Defender Antivirus
settings on your Azure AD joined Windows 10 devices through Microsoft Intune. This profile enables you to configure antivirus settings, exclusions,
scanning options, and more, all while minimizing administrative effort.
upvoted 5 times

  Futfuyfyjfj 4 weeks, 1 day ago

I just checked in the Intune portal, but there is no Defender firewall component in Device restrictions. However in device restrictions IS a
Defender AV option. I consider your answer as wrong. I am still going for DE
upvoted 1 times

  Rocky83 Most Recent  1 week, 5 days ago

Selected Answer: CE
If you think about admin effort ... CE makes sense

47 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 1 times
  pinda 2 weeks, 3 days ago
Selected Answer: BC
B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings. This will allow you
to configure firewall settings via Intune, ensuring consistency across your devices.

C. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings. This will allow
you to configure antivirus settings and policies via Intune, making it easy to manage across your devices.
upvoted 1 times

  BJS78 3 weeks ago

Weird question.
Antivirus can be configured inside: Device configuration / Admin templates/Endpoint protection, Device configuration /Admin templates/ Custom
(OMA-URI) / Endpoint Security / Antivirus as well.
Firewall can be configured via Device configuration /Admin templates/ Custom (OMA-URI) and Endpoint Security / Firewall.
So for "minimize administrative effort" could be the key. For me, it would be configure both on Endpoint Security. (Worth to mention is that the
best way for Antivirus would be Settings Catalog as there you can have LOT others, like Security Center settings under one config)
upvoted 1 times

  BJS78 3 weeks ago

Admin templates --> Templates
upvoted 1 times

  NoursBear 1 month ago

For me it's B and E. When I go to my Intune and create a Policy, go to Device Restrictions I have all the settings for Defender AV. To configure the
Firewall (Firewall and rules) I go to Intune select Endpoint Security, Firewall and there create a profile. The problem things keep moving so god
knows how old this question is
upvoted 1 times

  NoursBear 1 month ago

arghhh sorry D and E
upvoted 3 times

  JP1900 1 month, 2 weeks ago

Selected Answer: DE
D - MS Defender Antivirus is under Device Restriction settings
E - Defender Firewall is under Endpoint Protection settings
Both are under Devices, then Configuration profiles, then select Templates from the dropdown.
upvoted 3 times

  letters1234 1 month, 2 weeks ago

Selected Answer: CE
Antivirus and Firewall can be configured on Endpoint Protection, Firewall can't be configured on Device Restrictions. Configuring the two
requirements on the one Endpoint Protection profile reduces administrative overhead. Having the extended options of Antivirus on a Device
Restriction profile also increases overhead, more to configure/understand before implementation.
upvoted 4 times

  letters1234 1 month, 2 weeks ago

Didn't look at the lab close enough, the AV configuration in Endpoint Protection is just blocking end user access to AV section in Defender
Security Centre on the device. Minasamy is right.
upvoted 1 times

48 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #22 Topic 1

You have an Azure AD group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2.
You create a device con�guration pro�le named Pro�le1. You assign Pro�le1 to Group1.
You need to ensure that Pro�le1 applies to Device1 only.
What should you modify in Pro�le1?

A. Assignments

B. Settings

C. Scope (Tags)

D. Applicability Rules

Correct Answer: C

Community vote distribution

A (79%) D (21%)

  minasamy Highly Voted  1 month, 3 weeks ago

Selected Answer: A
I will go for A
upvoted 6 times

  krzysztofbr Highly Voted  1 month, 3 weeks ago

Selected Answer: A
there is no option, You have to modify assignments
upvoted 6 times

  ZaFletch Most Recent  3 days, 7 hours ago

Selected Answer: A
D is not possible in this case because it only allows OS version or edition as variables. To specify a device you have to use A.

A is the only way to specify the device.

upvoted 1 times

  Rocky83 1 week, 5 days ago

Selected Answer: A
Assignments >> Filter ... Add device2 in the excluded devices
upvoted 2 times

  WalexyJimi 1 week, 5 days ago

Selected Answer: D
I believe the correct and is D. You can use the Applicability Rule to specify which device receives the profile1.
Read more here: https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create.
upvoted 1 times

  BJS78 3 weeks ago

Scope (Tags) is for RBAC.
upvoted 2 times

  ronct 4 weeks ago

Selected Answer: D
Assignments in Microsoft Intune are used to determine which users or devices should receive a particular policy, app, or other item. In this case, the
policy (Profile1) is already assigned to Group1, which contains both Device1 and Device2.

If you were to modify the assignments, you would be changing which users or devices the policy applies to. However, since both devices are in the
same group (Group1), modifying the assignments wouldn’t allow you to target only Device1.

On the other hand, Applicability Rules allow you to further filter within an assigned group based on certain criteria. This means you can set rules
that make the policy applicable only to Device1, even though it’s assigned to a group that also contains Device2. That’s why modifying the
Applicability Rules is the correct choice in this scenario.
upvoted 1 times

  Futfuyfyjfj 3 weeks ago

Do you know applicability rules solely give you the option to specify an OS version and an OS edition? In this case the edition is the same, so
you can’t use this variable. The exact Windows version/build is unknown, so you can’t use this either. So D is wrong

49 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 3 times
  Grg433 1 month ago
Selected Answer: D
I am sure it is not A as by doing that the Device 2 will also be added ( as question mentioned the profile1 applies to device1 only )
My reasoning for D is = In the Applicability Rules section of the device configuration profile, you can specify conditions or rules that determine
which devices the profile should apply to. By creating an applicability rule that targets Device1 specifically, you can ensure that Profile1 only applies
to that device, even though it's assigned to Group1. This allows you to target specific devices within a group.
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create
upvoted 2 times

  Futfuyfyjfj 4 weeks, 1 day ago

Good point, however I don’t agree with you. Although the question and the answers lack some required details, applicability rules solely give
you the option to specify an OS version and an OS edition. OS edition is no option since the question states both are Enterprises editions. We
don’t know which version the devices are running, so we can’t rely on this.
Therefore my shot is B, modify Assignments and add a filter or an exclude group, but question does not specify whether this is possible and the
order of performing these action is for both answers a little weird.
upvoted 3 times

  Futfuyfyjfj 4 weeks, 1 day ago

I meant A off course
upvoted 2 times

  picho707 1 month ago

I agree with you. It is D. Neither C or A makes any sense regarding what is being requested as the final outcome.
upvoted 1 times

  NoursBear 1 month ago

A probably. Applicability Rules does exist I have it in my Intune but that can only be applied if in a group some computers have another edition or
OS 1version that can be differentiated, so no good for this scenario. There will have to be an exclusion assignment too I guess.
upvoted 3 times

  Crismo 1 month, 1 week ago

I would take A as well. Scope tags seems incorrect to me since its purpose is to restrict access of an admin group to a collection of machines.
upvoted 2 times

  letters1234 1 month, 2 weeks ago

You could use filters but that isn't an option. Applicability Rules doesn't exist in Intune anymore for deployment of a Configuration Profile. Settings
would be the actual configuration profile. Scope Tags are administrative instead of targeting. Assignments would require another group to be
available for targeting such as Exclude group.
upvoted 3 times

50 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #23 Topic 1

DRAG DROP -
You have a Microsoft 365 subscription that includes Microsoft Intune.
You need to implement a Microsoft Defender for Endpoint solution that meets the following requirements:
Enforces compliance for Defender for Endpoint by using Conditional Access
Prevents suspicious scripts from running on devices
What should you con�gure? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

  VirtualJP 2 weeks, 6 days ago

I believe this answer to be correct
upvoted 2 times

  JP1900 1 month, 2 weeks ago

Without an Intune connection, how can the policies apply? The original answer is correct.
upvoted 2 times

  mail2bala3011 1 month, 3 weeks ago

Seems like the answer is correct:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide
upvoted 2 times

  krzysztofbr 1 month, 3 weeks ago

You are wrong Intune connection doesn't enforce antyhing
upvoted 1 times

  Futfuyfyjfj 4 weeks, 1 day ago

No you are wrong compliance policy checks are device checkin dependent. Although this answer is not very well specified, its still the best
one:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot
upvoted 1 times

  krzysztofbr 1 month, 4 weeks ago

the second part about ASR seems correct but
enforces comliance "intune connection"
it should be security baseline i guess. this is set off seetings relevant for compliance requirements
upvoted 3 times

  Futfuyfyjfj 1 month, 1 week ago

I agree the answer is vague, but Intune enforces online compliance checks. Therefore an active intune connection is required. So Intune
connection here is the best of the worst I guess.
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot
upvoted 2 times

51 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #24 Topic 1

Your network contains an on-premises Active Directory domain and an Azure AD tenant.
The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.

You need to migrate the existing Default Domain Policy GPO settings to a device con�guration pro�le.
Which device con�guration pro�le type template should you use?

A. Administrative Templates

B. Endpoint protection

C. Device restrictions

D. Custom

Correct Answer: C

Community vote distribution

C (81%) Other

  volto Highly Voted  1 month, 3 weeks ago

Selected Answer: C
Answer C is correct
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#password
upvoted 10 times

  krzysztofbr 1 month, 2 weeks ago

You are correct! so many wrong answers again! inside device restrictions, You have password settings. your link shows everything regarding
password
upvoted 3 times

  RabbitB Most Recent  1 week, 1 day ago

Selected Answer: C
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure
upvoted 1 times

  letters1234 1 month, 2 weeks ago

Selected Answer: C
Custom OMA-URI and ADMX are considered legacy by Microsoft, even if the option did exist, they would expect a Template or Settings Catalog
configuration.
upvoted 2 times

  JP1900 1 month, 3 weeks ago

Selected Answer: A
https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-windows
upvoted 1 times

  JP1900 1 month, 2 weeks ago

Correct answer is C
upvoted 2 times

  volto 1 month, 3 weeks ago

Where do you see in administrative templates settings regarding password history or number of characters?
upvoted 1 times

  JP1900 1 month, 2 weeks ago

You are correct, C it is.
upvoted 3 times

  Gr8Greet 2 months ago

52 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Selected Answer: D
Custom
https://danielchronlund.com/2018/11/27/how-to-replace-your-old-gpos-with-intune-configuration-profiles/
upvoted 2 times

  NoursBear 1 month ago

A custom policy uses OMA-URI to change properties on a device. You don't use OMA-URI for such configuration.
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

You dont need custom policy
upvoted 1 times

53 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #25 Topic 1

You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. failure events from the Security log

B. the list of processes and their execution times

C. the average processor utilization

D. error events from the System log

E. third-party application logs stored as text �les

Correct Answer: CDE

Community vote distribution

CDE (71%) ACE (29%)

  HvD 3 days, 7 hours ago

Answer id BCD:
- A: No security-event loggings in LogAnalytics Agent (MMA)
- B: the list of processes and their execution times: Yes, try it if you want in LogAnalytics: Perf
| where ObjectName == "Process" and CounterName == "% Processor Time"
You will see all processes of all the computers and their run time.
- C: the average processor utilization: Yes, run: InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Processor" and Name == "UtilizationPercentage"
D: Yes, Systemlogs are collected.
E: Log files apart from Application and System logs are NOT collected. For sure not if they are text-based log files. Only Eventlogs. No textfiles.
upvoted 3 times

  Rubends 2 days, 8 hours ago

I think it's correct, E: you must configure it.
upvoted 1 times

  yingo20 1 month, 1 week ago

CDE it's a correct answers
upvoted 1 times

  letters1234 1 month, 2 weeks ago

Selected Answer: CDE
JP1900's answer has A however that is security log, which cant be collected as it requires Defender for Cloud - https://learn.microsoft.com/en-
us/azure/azure-monitor/agents/data-sources-windows-events#configure-windows-event-logs

Current processes and times are also not natively supported, which means that local log files, standard event log and cpu utilization can be
collected.
upvoted 4 times

  Futfuyfyjfj 1 month, 1 week ago

https://github.com/uglide/azure-content/blob/master/articles/log-analytics/log-analytics-data-sources-performance-counters.md
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: CDE
We have to exclude security, and list of process.
possible is CDE
upvoted 1 times

  JP1900 1 month, 3 weeks ago

Selected Answer: ACE
You cannot collect failure events from the Security log or the list of processes and their execution times by using Log Analytics.
upvoted 2 times

  Futfuyfyjfj 3 weeks ago

So you are actually saying CDE?
upvoted 1 times

54 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  krzysztofbr 1 month, 2 weeks ago

A is about security, You are wrong
upvoted 1 times

Question #26 Topic 1

You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to onboard the devices to Microsoft Defender for Endpoint.
What should you create in the Microsoft Intune admin center?

A. an attack surface reduction (ASR) policy

B. a security baseline

C. an endpoint detection and response (EDR) policy

D. an account protection policy

E. an antivirus policy

Correct Answer: C

Community vote distribution

C (100%)

  Rocky83 1 week, 5 days ago

Selected Answer: C
Correct
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: C
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide
upvoted 4 times

  Futfuyfyjfj 1 month, 1 week ago

Direct link:
https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure#onboard-windows-devices
upvoted 2 times

55 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #27 Topic 1

Your company uses Microsoft Intune to manage devices.

You need to ensure that only Android devices that use Android work pro�les can enroll in Intune.
Which two con�gurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From Platform Settings, set Android device administrator Personally Owned to Block.

B. From Platform Settings, set Android Enterprise (work pro�le) to Allow.

C. From Platform Settings, set Android device administrator Personally Owned to Allow.

D. From Platform Settings, set Android device administrator to Block.

Correct Answer: BD

Community vote distribution

BD (100%)

  Rocky83 1 week, 5 days ago

Selected Answer: BD
In groups where both Android platforms are allowed, devices that support work profile will enroll with a work profile. Devices that don't support
work profile will enroll on the Android device administrator platform. Neither work profile nor device administrator enrollment will work until you
complete all prerequisites for Android enrollment.
upvoted 2 times

  mirak123 4 weeks ago

why is it D?
upvoted 1 times

  Futfuyfyjfj 1 month, 1 week ago

Answers are 100% correct
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: BD
https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
upvoted 3 times

56 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #28 Topic 1

HOTSPOT -
You have the device con�guration pro�le shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Correct Answer:

  Rocky83 1 week, 5 days ago

57 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct
upvoted 2 times

  letters1234 1 month, 2 weeks ago

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-configure-kiosk-mode#overview
Would require Digital/Interactive Signage experience instea dof Public-Browsing to be limited to one site.
Multiple tabs are also part of PBE
upvoted 3 times

  krzysztofbr 1 month, 2 weeks ago

answers are correct
https://learn.microsoft.com/en-us/mem/intune/configuration/kiosk-settings-windows
upvoted 4 times

58 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #29 Topic 1

HOTSPOT -
You have 100 Windows 10 devices enrolled in Microsoft Intune.
You need to con�gure the devices to retrieve Windows updates from the internet and from other computers on a local network.
Which Delivery Optimization setting should you con�gure, and which type of Intune object should you create? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  ExamKiller020 3 weeks ago

Answer is correct, just checked in my own tenant
upvoted 2 times

  NoursBear 1 month ago

Hmm ok fair enough but now it should be done via the newer options Update rings for W10, Feature Updates for W10 etc....
upvoted 1 times

  ExamKiller020 3 weeks ago

You cant config that in Update rings...
upvoted 2 times

  letters1234 1 month, 2 weeks ago

LAN (1 - Default): This default operating mode for Delivery Optimization enables peer sharing on the same network.

The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients
then try to connect to other peers on the same network by using their private subnet IP.

https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#download-mode

And yes, done through configuration profile.

upvoted 4 times

  krzysztofbr 1 month, 2 weeks ago

hmmm, download mode? 99%
100% device profile.
answers are correct hope so 99%
https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization
upvoted 2 times

59 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #30 Topic 1

HOTSPOT -
You have an Azure AD tenant that contains the users shown in the following table.

You have devices enrolled in Microsoft Intune as shown in the following table.

From Intune, you create and send a custom noti�cation named Noti�cation1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr Highly Voted  1 month, 2 weeks ago

so many wrong answers again:)!
custom doesnt work for Windows and MacOS
DEVICE 1 (Windows) NO
Device 2 (Android) YES
Device 3 (IOS) but group 2 - NO
upvoted 8 times

  BJS78 3 weeks ago

Well, no entirely true. You CAN create custom Notifications (Toast) on Windows via PS and deploy, but not "send" them
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

I was wrong!
NO, NO, YES!
upvoted 8 times

  Futfuyfyjfj Most Recent  3 weeks ago

The answer is here: https://learn.microsoft.com/en-us/mem/intune/remote-actions/custom-notifications

-> When sending a notification to a group, messages target only the users in the group and are sent to each iOS/iPadOS or Android device that
the user has registered. Devices in the group will be ignored when targeting the notification.
Answer is correct.
upvoted 3 times

  Casticod 1 week, 4 days ago

From the same link: "Use Microsoft Intune to send custom notifications to the users of managed iOS/iPadOS and Android devices"
So I think:
No Its Windows
YES Its Android an device in Group 1
NO Its IOS but not In group 1

60 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 1 times
  ashville13 3 weeks, 6 days ago
correct, Sending a notification to a group will target only the users of that group; the notification will go to all iOS/iPadOS and Android devices
enrolled by that user.
upvoted 3 times

  NoursBear 1 month ago

Researched on my Intune Tenant and it is correct. Once again a topic not mentioned in the course like most things.
upvoted 1 times

  Zied_jouini111 1 month, 1 week ago

Non Oui Non
upvoted 1 times

  volto 1 month, 3 weeks ago

"Sending a notification to a group will target only the users of that group; the notification will go to all iOS/iPadOS and Android devices enrolled by
that user."
If Device 3 is enrolled by User 1 than he receive notification. We don't know it.
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

device 3 but group 2, We are sending to the group1 ONLY
no, yes, no
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

SHOULD be NO NO yes
upvoted 2 times

  rmac 1 month, 3 weeks ago

Correct!
No
No
Yes
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

PLEASE if You don't know..say You dont know. or You are not sure:)
upvoted 1 times

  sh123df 1 month, 3 weeks ago

Can you please explain how it is correct?
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

You have my explanation on the top
upvoted 2 times

61 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #31 Topic 1

You use Microsoft Intune and Intune Data Warehouse.

You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?

A. the Company Portal app

B. Endpoint analytics

C. the Azure portal app

D. Microsoft Power BI

Correct Answer: D

Community vote distribution

D (100%)

  pinda 3 days, 2 hours ago

Selected Answer: D
correct
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

Microsoft Power BI
upvoted 3 times

  Futfuyfyjfj 1 month, 1 week ago

https://learn.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-link-powerbi
upvoted 2 times

62 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #32 Topic 1

You have a Microsoft 365 E5 subscription and 25 Apple iPads.

You need to enroll the iPads in Microsoft Intune by using the Apple Con�gurator enrollment method.
What should you do �rst?

A. Con�gure an Apply MDM push certi�cate.

B. Add your user account as a device enrollment manager (DEM).

C. Modify the enrollment restrictions.

D. Upload a �le that has the device identi�ers for each iPad.

Correct Answer: A

Community vote distribution

A (100%)

  letters1234 Highly Voted  1 month, 2 weeks ago

Selected Answer: A
Pre-requisites - https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-configurator-enroll-ios
upvoted 5 times

  VirtualJP Most Recent  2 weeks, 6 days ago

Selected Answer: A
Pre-reqs
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

A. Configure an Apply MDM push certificate.
from MS website
Prerequisites
Physical access to iOS/iPadOS devices
Set MDM authority
An Apple MDM push certificate
Device serial numbers (Setup Assistant enrollment only)
USB connection cables
macOS computer running Apple Configurator 2.0
upvoted 2 times

63 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #33 Topic 1

HOTSPOT -
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Azure AD.
The computers have different update settings, and some computers are con�gured for manual updates.
You need to con�gure Windows Update. The solution must meet the following requirements:
The con�guration must be managed from a central location.
Internet tra�c must be minimized.
Costs must be minimized.
How should you con�gure Windows Update? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr 1 month, 2 weeks ago

answers are correct
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

"you have no servers" so it must be Intune and Windows update for bussiness
upvoted 3 times

  sh123df 1 month, 3 weeks ago

Answers seems correct out
upvoted 4 times

64 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #34 Topic 1

You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft
Intune.
You need to con�gure Delivery Optimization on the devices to meet the following requirements:
Allow downloads from the internet and from other computers on the local network.
Limit the percentage of used bandwidth to 50.
What should you use?

A. a con�guration pro�le

B. a Windows Update for Business Group Policy setting

C. a Microsoft Peer-to-Peer Networking Services Group Policy setting

D. an Update ring for Windows 10 and later pro�le

Correct Answer: C

Community vote distribution

A (100%)

  krzysztofbr Highly Voted  1 month, 4 weeks ago

answer is wrong should be A "delivery Optimization"
https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference
upvoted 14 times

  Buzl Highly Voted  2 months ago

A Configuration profile using the "Delivery Optimization" template will allow you to specify the percentage of bandwidth (max) to be used
upvoted 6 times

  4rk4n4 Most Recent  1 day, 20 hours ago

Selected Answer: A
Answer should be A
upvoted 1 times

  Grg433 2 weeks, 4 days ago

Selected Answer: A
yes , A is correct !
upvoted 1 times

  NoursBear 1 month ago

A for me too
upvoted 3 times

  letters1234 1 month, 2 weeks ago

Selected Answer: A
Delivery Optimisation through Configuration Profile in Intune
upvoted 6 times

65 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #35 Topic 1

Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows
10.
You have the groups shown in the following table.

Which groups can you add to Group4?

A. Group2 only

B. Group1 and Group2 only

C. Group2 and Group3 only

D. Group1, Group2, and Group3

Correct Answer: D

Community vote distribution

A (61%) C (39%)

  volto Highly Voted  1 month, 3 weeks ago

Selected Answer: C
Answer D is wrong. Unable to add local security group, universal distribution group. Just another local computer group or domain security group.
The correct answer is C.
upvoted 9 times

  picho707 1 month ago

The correct answer is "C". A universal distribution group cannot be added to a local group however a security group can be nested to a local
group.
upvoted 1 times

  picho707 6 days, 18 hours ago

I am withdrawing this answer after further research.
upvoted 1 times

  picho707 Highly Voted  6 days, 18 hours ago

Selected Answer: A
The correct answer is A.
Group 4 is a local group therefore Universal Distribution Groups cannot be nested.
Group 4 is a local group therefore other local Groups cannot be nested.
upvoted 5 times

  Temptset 6 days, 8 hours ago

This is correct!
upvoted 1 times

  ZaFletch Most Recent  1 day, 6 hours ago

Selected Answer: A
Only the domain security group is addable
upvoted 1 times

  Suresh_2411 5 days, 16 hours ago

Selected Answer: A
Group 4 is a local group therefore Universal Distribution Groups cannot be nested.
Group 4 is a local group of same device so other local Groups from same device cannot be nested.
upvoted 3 times

  picho707 6 days, 18 hours ago

The correct answer is A.
Group 4 is a local group therefore Universal Distribution Groups cannot be nested.
Group 4 is a local group therefore other local Groups cannot be nested.
upvoted 2 times

66 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Alscoran 6 days, 19 hours ago

Selected Answer: A
Cannot nest. A similar question was on the learn.microsoft.com website.
"You can add only domain security groups as members to Windows local groups. You cannot nest local Windows groups, and you cannot add
domain distribution groups as members of local Windows groups. "
https://learn.microsoft.com/windows/win32/ad/adding-domain-objects-to-local-groups
upvoted 3 times

  someone1337 2 weeks, 3 days ago

Selected Answer: C
tested in lab and answer is C.
upvoted 2 times

  majerzg 12 hours, 5 minutes ago

I'm sorry, but you haven't tested it.
You will not add a local group to a local group!
upvoted 1 times

  BJS78 3 weeks ago

Answer: A
Tested: you cannot add grpups to local grpups. Only "Other objects", "Built-in security principals", "Users" are allowed on a member computer.
Distribution groups cannot be added to local groups at all.
upvoted 2 times

  NoursBear 1 month ago

I think the answer is correct, here from my search:
for me it's CGroup 2 and Group 3. From my search:
A universal group can contain users, global groups, and other universal groups from any domain in the forest.
A universal group can be a member of domain local groups or other universal groups.
A universal group cannot be a member of a global group.
Group 4 seems to be a local group
upvoted 1 times

  moshkoshbgosh 1 month, 3 weeks ago

Selected Answer: A
Nesting of local groups is not supported on workstations or member servers - https://learn.microsoft.com/en-us/previous-versions/windows/it-
pro/windows-7/ee681621(v=ws.10)?redirectedfrom=MSDN
upvoted 5 times

67 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #36 Topic 1

DRAG DROP -
You have a Microsoft 365 subscription. The subscription contains computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to create a compliance policy that meets the following requirements:
Requires BitLocker Drive Encryption (BitLocker) on each device
Requires a minimum operating system version
Which setting of the compliance policy should you con�gure for each requirement? To answer, drag the appropriate settings to the correct
requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr Highly Voted  1 month, 4 weeks ago

answers are correct
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
upvoted 11 times

  Rocky83 Most Recent  1 week, 5 days ago

Correct
upvoted 1 times

  maggie22 1 week, 5 days ago

it should be system security for bitlocker
upvoted 2 times

  gv_myra 1 week, 1 day ago

It's not. It is Device Health. https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#device-health
upvoted 1 times

  Casticod 1 week, 5 days ago

Correct: https://www.anoopcnair.com/bitlocker-compliance-policy-using-intune/
upvoted 1 times

  Casticod 1 week, 4 days ago

My comment should be generate dudes Correct With the option posted by Maggie22
upvoted 1 times

68 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #37 Topic 1

HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You have the Windows 11 devices shown in the following table.

You deploy the device compliance policy shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

69 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Kiookr Highly Voted  3 weeks, 1 day ago

YNN , *** Excluded Groups *** group 2, and per Microsoft "exclusion" take precedence over "inclusion "
upvoted 7 times

  Suresh_2411 Most Recent  5 days, 16 hours ago

Y - policy assigned and compliant
N - policy assigned and not compliant
N - policy not assigned
N
upvoted 1 times

  NoursBear 1 month ago

YNY, for Device 3, Exclude wins, although this is not conventional for Microsoft, for everything else normally the most restrictive settings wins but
for compliance policies it seems.
upvoted 1 times

  Futfuyfyjfj 3 weeks ago

You can’t say whether device 3 is compliant or not. No policy is assigned, so in order to tell if the device is compliant you need to be aware of
the default compliance policy, which isn’t mentioned. However the question contains two components
-compliance policy assigned
-device is compliant
First one is a No, which makes YNN
upvoted 2 times

  letters1234 1 month, 2 weeks ago

Y - Applies and Bitlocker enabled
N - Applies and Bitlocker disabled
Y - Compliance check doesn't apply

Mark devices with no compliance policy assigned as:

This setting determines how Intune treats devices that haven't been assigned a device compliance policy. This setting has two values:
"Compliant (default): This security feature is off. Devices that aren’t sent a device compliance policy are considered compliant."

https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings
upvoted 3 times

  cserra 1 month, 2 weeks ago

The third question starts with "Device 3 will have a policy assigned" and as it belongs to Group2, the policy will not be assigned to it. Therefore
it is no.
The correct answer would be YNN
upvoted 5 times

  TheWiz 1 month, 1 week ago

Correct. Device 3 is in both an included and excluded group. In that case, exclusion wins. Policy will not be assigned.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-inc-exl-assignments
upvoted 3 times

  krzysztofbr 1 month, 2 weeks ago

YES
NO (because bitlocker disabled)
YES
upvoted 1 times

  Futfuyfyjfj 1 month, 1 week ago

Wrong exclusion takes precedence: https://learn.microsoft.com/en-us/mem/intune/apps/apps-inc-exl-assignments
Given answer is correct YNN, see cserra
upvoted 7 times

70 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #38 Topic 1

DRAG DROP -
You have a Microsoft 365 subscription that contains the devices shown in the following table.

You need to ensure that only devices running trusted �rmware or operating system builds can access network resources.
Which compliance policy setting should you con�gure for each device? To answer, drag the appropriate settings to the correct devices. Each
setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr Highly Voted  1 month, 2 weeks ago

answers are correct
upvoted 6 times

  Crismo Most Recent  2 weeks, 1 day ago

rooted is the term used for modified Androids, jailbroken for iOS
upvoted 2 times

71 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #39 Topic 1

DRAG DROP -
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Correct Answer:

72 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Alscoran 1 week, 1 day ago

Don't you have to upload the JSON file ?
https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy
For Windows:

On the Compliance settings page, expand Custom Compliance and set Custom compliance to Require.
For Select your discovery script, select Click to select, and then specify a script that’s been previously added to the Microsoft Intune admin center.
This script must have been uploaded before you begin to create the policy.
For Upload and validate the JSON file with your custom compliance settings, select the folder icon and then locate and add the JSON file for
Windows that you want to use with this policy.
upvoted 1 times

  Temptset 6 days, 7 hours ago

Based on the URL you've provided you can find a hyperlink "Custom compliance JSON files" under the header Prerequisites, subhead JSON,
which leads to:
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-custom-json

"You’ll upload the JSON file when you create a compliance policy that includes custom compliance settings."

This means the given answers are correct as you upload the JSON-file DURING the creation of a new policy, you don't upload it upfront as is
needed for a PS script.
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

answers are corect
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-use-custom-settings#prerequisites
upvoted 4 times

73 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #40 Topic 1

DRAG DROP -
You have a computer that runs Windows 10 and contains two local users named User1 and User2.
You need to ensure that the users can perform the following actions:
User1 must be able to adjust the date and time.
User2 must be able to clear Windows logs.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

  volto Highly Voted  1 month, 3 weeks ago

Answers are wrong
User1: "By default, only users with administrator rights in Windows 10 can change time and date settings."
User 2: "Restricting the Manage auditing and security log user right to the local Administrators group is the default configuration."
upvoted 6 times

  Futfuyfyjfj 1 month, 1 week ago

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/change-the-system-time#default-values
upvoted 2 times

  Futfuyfyjfj 1 month, 1 week ago

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1
upvoted 2 times

  Rocky83 Most Recent  1 week, 5 days ago

Answers are wrong, both settings need Administrator permission
upvoted 3 times

  BJS78 3 weeks ago

https://droidrant.com/what-rights-do-power-users-have-in-windows-10/
upvoted 1 times

  NoursBear 1 month ago

I think both answers are Administrators. Nothing mentioning the Performance Monitor
upvoted 3 times

  NoursBear 1 month ago

I will also add "the Power Users Group was made obsolete in Windows Vista" according to an article however I see that Power Users is still on
WIndows 10, so for the Date and Time change Power Users would be correct but don't think it is still in use
upvoted 2 times

  letters1234 1 month, 2 weeks ago

As a twist, in Windows 11 a standard user can change the time without elevation. Make sure to read that this question says Windows 10.
upvoted 4 times

74 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #41 Topic 1

HOTSPOT -
You have an Azure AD tenant named contoso.com.
You have the devices shown in the following table.

Which devices can be Azure AD joined, and which devices can be registered in contoso.com? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr Highly Voted  1 month, 2 weeks ago

answers are correct
upvoted 5 times

  Futfuyfyjfj 1 month, 1 week ago

Azure AD join capable Devices: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-directory-join
Azure AD registered Devices: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-device-registration
upvoted 3 times

  krzysztofbr Most Recent  1 month, 2 weeks ago

ad join win10 and 11
Ad registered all platforms including linux
upvoted 1 times

  mirak123 4 weeks ago

shouldnt be opposite then
ad join is contoso.com (Directory name) so only 1 and 2
and Azure AD all devices so 1234
upvoted 1 times

75 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #42 Topic 1

HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup and has the local users shown in the following table.

UserA joins Computer1 to Azure AD by using [email protected].

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

  letters1234 Highly Voted  1 month, 3 weeks ago

Should be YNN, CDA is admin within azure portal. SA is also azure role and doesn't have local admin rights to make changes.
upvoted 9 times

  Futfuyfyjfj 1 month, 1 week ago

Wat not YNY.
(Cloud) Device administrator role :
https://techcommunity.microsoft.com/t5/microsoft-intune/as-a-device-admin-global-admin-how-can-i-install-software/m-p/2025358
upvoted 3 times

  Alscoran 1 week, 1 day ago

I don't think they can install anything on the local machine:
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#cloud-device-administrator
upvoted 1 times

  ExamKiller020 2 weeks, 4 days ago

The link you provided doesnt clarify anything. In the article is probably reffered to the 'Azure AD Joined Device Local Administrator' role and
not the Cloud device Administrator role
upvoted 3 times

  JP1900 Highly Voted  1 month, 2 weeks ago

letters1234 is correct, it is YNN.
upvoted 7 times

  Kiookr Most Recent  3 weeks, 1 day ago

Please read carefully " Computer1 is in a workgroup" WORKGROUP " meaning is not joined to domain .. so any member of "local Admin" has full

76 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

right on Computer1 .. I believe the answer should be NO-NO-NO

upvoted 2 times

  HvD 3 days, 6 hours ago

The suer which joins the computer to Azure AD is made local Administrator.
upvoted 1 times

  picho707 6 days, 6 hours ago

I agree with you on this one based on the article below. Please read the NOTE at the start of the article "This is done during the join operation
only. If an administrator makes changes after this point they will need to update the group membership on the device"

https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
upvoted 1 times

  BJS78 2 weeks, 6 days ago

Does not matter as UserA joins the device to AAD. User1 has no special local permission.
Cloud Device Admin (usually referred as Device Admin) becomes part of local Admin group after join. Security Admin cannot change firewall
rules as I think.
upvoted 4 times
  Capital 1 month ago
Tested in my lab environment - Security Admin can't edit firewall settings and Cloud Device Admin can install software.
Security Administrator - Can read security information and reports, and manage configuration in Azure AD and Office 365.
Cloud Device Administrator is marked as a privileged role.
upvoted 3 times

  NoursBear 1 month ago

For me the answers are correct.
upvoted 1 times

  letters1234 1 month, 3 weeks ago

Link - https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

Not sure either, there is the possibility in a Deployment Profile to disable AP built devices providing local admin to the signed in user but that's not
part of the use case.
(Out-of-box experience: User account type - Standard)
upvoted 1 times

  volto 1 month, 3 weeks ago

"When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local
administrators group on the device:
The Azure AD Global Administrator role
The Azure AD joined device local administrator role
The user performing the Azure AD join."
Why is the second answer marked as yes?
upvoted 2 times

77 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #43 Topic 1

Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10.
You enable Windows PowerShell remoting on the computers.
You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least
privilege.
To which group should you add Admin1?

A. Access Control Assistance Operators

B. Remote Desktop Users

C. Power Users

D. Remote Management Users

Correct Answer: B

Community vote distribution

D (89%) 11%

  NoursBear 1 month ago

For me it's D too. On a video with sample questions, this one came up and they are adamant that it is the RDP group. I guess the questions and
answers come from the same source
upvoted 1 times

  minasamy 1 month, 2 weeks ago

Selected Answer: D
A, B, C are not really related to PowerShell
upvoted 3 times

  letters1234 1 month, 3 weeks ago

Selected Answer: D
Remote Management Users Group provides the effective rights for PS remote/remote connection. Remote Desktop Users doesn't, would also
require also having local Administrator permission, not least privilege having two roles where one defined role will do.

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_requirements?view=powershell-7.3
User permissions - To create remote sessions and run remote commands, by default, the current user must be a member of the Administrators
group on the remote computer or provide the credentials of an administrator. Otherwise, the command fails.
upvoted 4 times

  JP1900 1 month, 3 weeks ago

Selected Answer: B
Read the question carefully, it states: "The solution must use the principle of least privilege."
Use the Remote Management Users group to allow users to manage servers through the Server Manager console.
upvoted 1 times

  HvD 3 days, 6 hours ago

I think you believe the users will be able to access all servers (remotely). But that's only true if the GPO (also) is applied to the servers(OU). That's
not a wise thing to do.
upvoted 1 times

  Futfuyfyjfj 1 month, 1 week ago

You selected answer B, but you are telling answer D?
upvoted 4 times

  volto 1 month, 3 weeks ago

Selected Answer: D
@rmac read above
"Members of the Remote Management Users group can access Windows Management Instrumentation (WMI) resources over management
protocols like WS-Management via the Windows Remote Management service."
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#remote-management-users
upvoted 1 times

  Joe9011 1 month, 3 weeks ago

https://woshub.com/powershell-remoting-via-winrm-for-non-admin-users/

78 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 1 times

  rmac 1 month, 3 weeks ago

Not sure if this is the right answer.
"Use the Remote Management Users group to allow users to manage servers through the Server Manager console. Use the
WinRMRemoteWMIUsers\_ group to allow users to remotely run Windows PowerShell commands."

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#remote-management-users
upvoted 1 times

79 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #44 Topic 1

HOTSPOT -
You have a Microsoft Intune subscription.
You are creating a Windows Autopilot deployment pro�le named Pro�le1 as shown in the following exhibit. Pro�le1 will be deployed to Windows
10 devices.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

80 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  ExamKiller020 2 weeks, 4 days ago

Second answer: Keyboard layout
Cortana is dead https://support.microsoft.com/nl-nl/topic/end-of-support-for-cortana-d025b39f-ee5b-4836-a954-0ab646ee1efa
upvoted 2 times

  picho707 1 month ago

On the second question, the deployment is user-driven so the user may be able to provide the computer name during the enrollment. This is a
really bogus question.
upvoted 3 times

  NoursBear 1 month ago

There is no correct answer for the second one
"If the Automatically configure keyboard is set to Yes, you won’t be seeing the keyboard layout selection prompt in OOBE during deployment.
Firstly you need to make the automatically configured keyboard set to No, and then select language if you make the selection to User Select."
upvoted 1 times

  BJS78 2 weeks, 6 days ago

This is true only if you set the Region above fixed and not the using the default.
upvoted 1 times

  letters1234 1 month, 3 weeks ago

Agree with prevented from modfiying any desktop settings.

Apply device name template: No

Doesn't create a template or pattern when naming your devices. The device will have the OEM name, such as DESKTOP-, followed by some random
characters.

https://learn.microsoft.com/en-us/autopilot/windows-autopilot-scenarios
In Windows 10, version 1903 and later, Cortana voiceover and speech recognition during OOBE is DISABLED by default.
Old Intune Setting: Skip Cortana, OneDrive, and OEM registration setup pages.

On the above, most likely keyboard is correct. This question may not be in the final version of this exam as it doesn't reflect the current Intune
settings. (Exam goes from beta to live from 6 Sept 2023).
upvoted 1 times

  JP1900 1 month, 3 weeks ago

Correct answers: are prevented from modifying any desktop settings
and Keyboard Layout
upvoted 2 times

  HvD 3 days, 5 hours ago

Why would a normal user not be able to change any setting, like desktop background, volume, default printer, etc?
upvoted 1 times

81 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #45 Topic 1

HOTSPOT -
You have a server named Server1 and computers that run Windows 10. Server1 has the Microsoft Deployment Toolkit (MDT) installed.
You plan to upgrade the Windows 10 computers to Windows 11 by using the MDT deployment wizard.
You need create a deployment share on Server1.
What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  krzysztofbr 1 month, 2 weeks ago

seems to be ok. not 100% sure
upvoted 2 times

  Futfuyfyjfj 3 weeks, 5 days ago

Win11 image and task sequence seems to be correct as well:
https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image#create-the-reference-
image-task-sequence
upvoted 1 times

  Futfuyfyjfj 3 weeks, 5 days ago

Agreed:
ADK required in order to create a deployment share; https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/prepare-
for-windows-deployment-with-mdt#install-the-windows-adk
upvoted 1 times

82 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #46 Topic 1

DRAG DROP -
You have a Microsoft Deployment Toolkit (MDT) server named MDT1.
When computers start from the LiteTouchPE_x64.iso image and connect to MDT1, the welcome screen appears as shown in the following exhibit.

You need to prevent the welcome screen from appearing when the computers connect to MDT1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Correct Answer:

  JP1900 Highly Voted  1 month, 2 weeks ago

Modify Bootstrap.ini
Modify CustomSettings.ini
Update deployment share
The CustomSettings.ini is a rules file processed by ZTIGather.wsf after the Bootstrap.ini is processed
The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The rules control the Windows Deployment Wizard on the client.
upvoted 10 times

  letters1234 Highly Voted  1 month, 2 weeks ago

https://learn.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference#SkipBDDWelcome
-Configure Bootstrap
-Configure CustomSettings.ini
-Update Deployment Share (which updates the image used for MDT).
upvoted 7 times

83 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Futfuyfyjfj 3 weeks, 5 days ago

Your reference proves your answer is correct!
upvoted 2 times

  RabbitB Most Recent  1 week, 5 days ago

1. Modify the Bootstrap.ini file
2. Update the deployment share
3. Replace the ISO image
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

answer seems to be wron
should be
Modify the task sequence
Modify the bootsrap ini file (inside thsi file is seeting about Welcome Sreen)
Update the deployment share
https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt
upvoted 2 times

84 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #47 Topic 1

You use Windows Admin Center to remotely administer computers that run Windows 10.
When connecting to Windows Admin Center, you receive the message shown in the following exhibit.

You need to prevent the message from appearing when you connect to Windows Admin Center.
To which certi�cate store should you import the certi�cate?

A. Client Authentication Issuers

B. Personal

C. Trusted Root Certi�cation Authorities

Correct Answer: C

Community vote distribution

C (100%)

  ZaFletch 3 days, 6 hours ago

Selected Answer: C
Error references CA
upvoted 1 times

  letters1234 1 month, 2 weeks ago

Selected Answer: C
Trusted Root
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

You need "Certification Authorities"
answer C
upvoted 1 times

85 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #48 Topic 1

HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.

Contoso.com contains the Azure AD groups shown in the following table.

You add a Windows Autopilot deployment pro�le. The pro�le is con�gured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

86 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  VirtualJP 1 week, 6 days ago

This is one of those annoying Microsoft exam questions.

The probelm I have with it is that there is no mention as to whether any of these devices are Autopilot enrolled.
Additionally, if you initiate OOBE the computer name is going to reset, and so with no clarity on the Autopilot enrollment state and the name
resetting, unless the same name is reapplied during the OOBE phase the AD group memberships for these devices won't take effect.

With that said, if the computer names did remain the same and the devices matched the AD group memberships, my answer would be:
Y
N - still not sure about this one, as it's a nested group
Y

Overall though, I'm not sure what the 'correct' answer would or should be here.
upvoted 1 times

  picho707 1 week, 3 days ago

Autopilot and Licensing assignment do not support nesting so the policy will not apply to device2. I learned this the hard way during a
deployment.
upvoted 1 times

  Crismo 2 weeks ago

NNY seems correct to me. Since device 1 and 2 are not enrolled in Intune, the deployment profile will have no effect on them.
upvoted 4 times

  airmancompsci 1 day, 1 hour ago

However, they are all in Azure AD, which is the requirement to use Autopilot. Part of the Autopilot process is to enroll in Intune per Microsoft as
well as join it to AD (so device1 will switch from registered to joined is my guess - if anyone can test this I am curious).

Additionally, the big thing for Microsoft seems to be the hardware address. They don't seem to refer to device names at all, so I am guessing it
shouldn't matter if they change?

https://learn.microsoft.com/en-us/autopilot/user-driven

My guess for the answer would be:

Yes - Device1 is part of Group1.
No - Device2 is part of Group2 which is nested in Group1. Autopilot doesn't work apply to nested groups.
Yes - Device3 is part of Group1.

I haven't been able to test this though, so if someone has a different answer please let me know.
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

answer C, might be ok. is all about MDM
in the other hand I'm not sure:)
upvoted 1 times

  Futfuyfyjfj 1 month, 1 week ago

Answers are correct
upvoted 1 times

87 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #49 Topic 1

HOTSPOT -
Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 11.
You need to con�gure the Remote Desktop settings of all the computers. The solution must meet the following requirements:
Prevent the sharing of clipboard contents.
Ensure that users authenticate by using Network Level Authentication (NLA).
Which two nodes of the Group Policy Management Editor should you use? To answer, select the appropriate nodes in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  letters1234 Highly Voted  1 month, 3 weeks ago

Device and Resource Re-direction and Security are the two answers
From GPO (Allow users to connect remotely by using Remote Desktop Services):

You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer
Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user
authentication for remote connections by using Network Level authentication.
upvoted 10 times

  BJS78 Most Recent  2 weeks, 6 days ago

Clipboard --> Device and Resource Redirection \ Do not allow Clipboard redirection
NLA --> Security \ Require user authentication for remote connections by using NLA
upvoted 3 times

  Temptset 6 days, 4 hours ago

This is the correct answer. You can double check it yourself when opening Local Group Policy Editor in Windows: expand Computer
Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >>
(Device and Resource Redirection / Security)
upvoted 1 times

88 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #50 Topic 1

HOTSPOT -
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
Azure AD joined Windows devices enroll automatically in Intune.
You have the devices shown in the following table.

You are preparing to upgrade the devices to Windows11. All the devices are compatible with Windows 11.
You need to evaluate Windows Autopilot and in-place upgrade as deployment methods to implement Windows 11 Pro on the devices, while
retaining all user settings and applications.
Which devices can be upgraded by using each method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

  ExamKiller020 Highly Voted  2 weeks, 4 days ago

Bit of a vague question. The question states: while retaining all user settings and applications.

Windows autopilot is possible on all devices (upload hash) but it will wipe all data. So is the answer then 'non of the devices'?

The inplace update is only possible on device 1 and 3 because there doesnt exist a 32bit version of W11

Correct me if im wrong
upvoted 5 times

  Casticod 5 days, 7 hours ago

With windows autopilot we cannot update Windows versions.
To update to Windows 11 we would need to configure the updates but that section is no longer within autopilot. Your question would be well
posed, if instead of Autopilot, in the question, put Intune.
(at least I think so)
upvoted 1 times

  maggie22 Most Recent  6 days, 23 hours ago

Windows Autopilot for existing devices lets you reimage and provision a Windows device for Autopilot user-driven mode using a single, native
Configuration Manager task sequence. The existing device can be on-premises domain-joined. The end result is a Windows 10 or Windows 11

89 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

device joined to either Azure Active Directory (Azure AD) or Active Directory (hybrid Azure AD join).
upvoted 1 times
  Casticod 1 week, 3 days ago
someone explain me how to upgrade From Windows 11 from autopilot?
In the first option I think None of the devices
In the second 1 & 3 (2 it´s 32 beats)
upvoted 4 times

  Rocky83 1 week, 3 days ago

"none of the devices" - You cant upgrade windows version through autopilot, you have to use Intune Features Updates

Device 1 and 3 only - In-place Upgrade for 32 bits to 64 is not supported.

Tricky one
upvoted 2 times

  Temptset 6 days, 4 hours ago

You seem to be right as I can only find references that upgrade from Windows 10 to 11 through WUfB, with that being said:

"Feature updates for Windows 10 and later policies cannot be applied during the Autopilot out of box experience (OOBE). Instead, the policies
apply at the first Windows Update scan after a device has finished provisioning, which is typically a day"

https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates#limitations-for-feature-updates-for-windows-10-and-
later-policy
upvoted 1 times

  BJS78 2 weeks, 6 days ago

1 - Autopilot requires no existence in AzureAD (Think of OEM devices enrolled), hashID-s needs to be uploaded and that is it. (Works with VMs as
well), so all device can work.
https://learn.microsoft.com/en-us/autopilot/software-requirements#next-steps
https://learn.microsoft.com/en-us/autopilot/networking-requirements
2 - 32-bit has no in-place upgrade option as W11 comes only with 64bit version
upvoted 2 times

  cserra 1 month, 2 weeks ago

1 - Autopilot requires being in AzureAD, other two devices are not joined.
But "All devices are compatible with Windows 11", then all support 64 bit OS. Then:
1, 2 & 3 can be updated.
upvoted 1 times

  NoursBear 1 month ago

How can devices be Azure AD "joined" in advance for new computers ? I can understand they have to be uploaded into Intune (unique
identifier) before staging, if they are Computers already AD joined, existing devices, well they are already known and in Intune, I think Feature
Updates would be used and not Autopilot
No devices qualify for Autopilot, Autopilot requires having WIndows 11 already
upvoted 1 times

  Futfuyfyjfj 1 month ago

But device 2 has Win10 32 bit installed, in that case an in place upgrade to Win11 64 bit isn’t possible right? Regardless whether the hardware
supports it?
upvoted 1 times

  Fortind1974 1 month ago

Correct.

It would need to be a 32-bit in-place upgrade. But Win11 is only available in 64-bit, so a full wipe and install is needed.
upvoted 2 times

  letters1234 1 month, 3 weeks ago

1 - Autopilot requires being in AzureAD, other two devices are not joined.
1 & 3 - CPU requirement is 64bit for windows 11 - https://www.microsoft.com/en-us/windows/windows-11-specifications#table1 -
upvoted 2 times

90 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #51 Topic 1

DRAG DROP -
You have 100 computers that run Windows 10.
You plan to deploy Windows 11 to the computers by performing a wipe and load installation.
You need to recommend a method to retain the user settings and the user data.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.

Correct Answer:

  krzysztofbr 1 month, 2 weeks ago

answers are correct
https://learn.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax
upvoted 2 times

  letters1234 1 month, 3 weeks ago

Reason it isnt KFM for data is that it only backs up specific folders and not all users Appdata folder etc.
upvoted 2 times

91 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #52 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You use Windows Autopilot to deploy Windows 11 to devices.
A support engineer reports that when a deployment fails, they cannot collect deployment logs from failed device.
You need to ensure that when a deployment fails, the deployment logs can be collected.
What should you con�gure?

A. the automatic enrollment settings

B. the Windows Autopilot deployment pro�le

C. the enrollment status page (ESP) pro�le

D. the device con�guration pro�le

Correct Answer: C

Community vote distribution

C (100%)

  letters1234 1 month, 2 weeks ago

Selected Answer: C
Also, here "Allow users to collect troubleshooting logs".
https://learn.microsoft.com/en-us/autopilot/enrollment-status#esp-profiles
upvoted 3 times

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: C
the question is wrong.
because You have logs without any action
but If You would like give end user logs yes You have to setup ESP
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status
\
upvoted 2 times

92 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #53 Topic 1

You have a Microsoft 365 E5 subscription that contains a user named User1 and uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have a device named Devic1 that is enrolled in Intune.
You need to ensure that User1 can use Remote Help from the Intune admin center for Device1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Deploy the Remote Help app to Device1.

B. Assign the Help Desk Operator role to User1.

C. Assign the Intune Administrator role to User1.

D. Assign a Microsoft 365 E5 license to User1.

E. Rerun device onboarding on Device1.

F. Assign the Remote Help add-on license to User1.

Correct Answer: ABE

Community vote distribution

ABF (86%) 14%

  rmac Highly Voted  1 month, 3 weeks ago

From my point of view, the solution is:
A,B,F
upvoted 7 times

  rmac 1 month, 3 weeks ago

reference:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/remote-help#prerequisites
upvoted 1 times

  picho707 Most Recent  6 days, 2 hours ago

Selected Answer: ABD
I am leaning towards A, B, D.
The question reads: You have a Microsoft 365 E5 subscription that contains a user named User1 and uses Microsoft Intune Suite.
I guess it is understood that User1 already has assigned or will be assigned the Microsoft 365 E5 license.
upvoted 1 times

  Mekkel 1 week, 2 days ago

Selected Answer: ABF
Agree with rmac
upvoted 1 times

  Casticod 1 week, 4 days ago

Selected Answer: ABF
Vote for ABF
upvoted 1 times

  Kiookr 3 weeks ago

Agree With rmac .. A,B,F
upvoted 1 times

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: ABF
agree with RMAC
upvoted 3 times

  letters1234 1 month, 3 weeks ago

E5 is not necessary as remote help license can be assigned as addon to other licenses, E5 is 'over-licensing' the user/device.
upvoted 1 times

  letters1234 1 month, 3 weeks ago

Selected Answer: ABF

93 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Agree with RMAC, no need to re-onboard the device to MDM when it's already enrolled.
upvoted 1 times

Question #54 Topic 1

You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft O�ce 2019
installed.
You have the Windows 11 Enterprise images shown in the following table.

Which images can be used to perform an in-place upgrade of Device1?

A. Image1 only

B. Image2 only

C. Image1 and Image2

Correct Answer: B

Community vote distribution

B (100%)

  letters1234 Highly Voted  1 month, 3 weeks ago

Selected Answer: B
https://learn.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
Existing applications are preserved through the process. So, the upgrade process uses the standard Windows installation media image (Install.wim).
Custom images aren't needed and can't be used because the upgrade process is unable to deal with conflicts between apps in the old and new
operating system.
upvoted 7 times

  poppinaz Most Recent  6 days, 22 hours ago

Totaly agree with you. Tried it in my Lab
upvoted 2 times

94 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #55 Topic 1

HOTSPOT -
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant by using Azure AD
Connect.
You use Microsoft Intune and Con�guration Manager to manage devices.
You need to recommend a deployment plan for new Windows 11 devices. The solution must meet the following requirements:
Devices for the marketing department must be joined to the AD DS domain only. The IT department will install complex applications on the
devices at build time, before giving the devices to the marketing department users.
Devices for the sales department must be Azure AD joined. The devices will be shipped directly from the manufacturer to the homes of the sales
department users.
Administrative effort must be minimized.
Which deployment method should you recommend for each department? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth point.

Correct Answer:

  letters1234 Highly Voted  1 month, 3 weeks ago

Correct, Configuration manager doesn't require AAD connectivity and Autopilot with OEM registration means you can send the devices direct to
user.
upvoted 6 times

  Rocky83 1 week, 3 days ago

Agreed
upvoted 1 times

  Futfuyfyjfj 3 weeks, 4 days ago

Agreed
upvoted 1 times

95 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #56 Topic 1

You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.
In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.
You need to con�gure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.
What should you do �rst?

A. Import an OS package.

B. Create a selection pro�le.

C. Add a Gather task to the task sequence.

D. Add a Validate task to the task sequence.

Correct Answer: B

Community vote distribution

B (100%)

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: B
https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt
upvoted 1 times

Question #57 Topic 1

You have an on-premises server named Server1 that hosts a Microsoft Deployment Toolkit (MDT) deployment share named MDT1.
You need to ensure that MDT1 supports multicast deployments.
What should you install on Server1?

A. Multipath I/O (MPIO)

B. Multipoint Connector

C. Windows Deployment Services (WDS)

D. Windows Server Update Services (WSUS)

Correct Answer: C

Community vote distribution

C (100%)

  krzysztofbr 1 month, 2 weeks ago

the answer is correct. multicast in this case requires WDS
upvoted 2 times

  letters1234 1 month, 2 weeks ago

Selected Answer: C
C as Windows Deployment Services is able to serve PXE requests. Couldn't find an exact article, but PowerShell cmdlet for WDS includes Get-
WDSMulticastClient and other commands showing it is a feature of WDS.
https://learn.microsoft.com/en-us/powershell/module/wds/get-wdsmulticastclient?view=windowsserver2022-ps
upvoted 4 times

  Futfuyfyjfj 3 weeks, 4 days ago

This is the article: https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-
mdt#multicast-deployments
upvoted 2 times

96 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #58 Topic 1

Your company standardizes on Windows 10 Enterprise for all users.

Some users purchase their own computer from a retail store. The computers run Windows 10 Pro.
You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Azure AD, and install several
Microsoft Store apps. The solution must meet the following requirements:
Ensure that any applications installed by the users are retained.
Minimize user intervention.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. Windows Autopilot

B. Microsoft Deployment Toolkit (MDT)

C. a Windows Con�guration Designer provisioning package

D. Windows Deployment Services (WDS)

Correct Answer: C

Community vote distribution

C (60%) A (40%)

  letters1234 Highly Voted  1 month, 2 weeks ago

Selected Answer: C
Autopilot would require resetting the device, provisioning package can be loaded during normal use of the OS. Doesn't require resetting/wiping
etc.
upvoted 5 times

  picho707 Most Recent  6 days, 2 hours ago

Selected Answer: A
I am leaning towards "A" since the "Windows Configuration Designer provisioning package" answer does not provide the level of automation and
user intervention that the question requires.
upvoted 1 times

  Temptset 6 days, 3 hours ago

Selected Answer: C
It's Windows Configuration Designer (WCD) as it can ADD packages (provisioning), hence retain user data, which AutoPilot cannot.

https://learn.microsoft.com/en-us/windows/configuration/wcd/wcd-editionupgrade
upvoted 1 times

  JP1900 1 month, 3 weeks ago

Selected Answer: A
Minimize user intervention.
upvoted 3 times

  Futfuyfyjfj 1 month ago

Furthermore Autopilot isn’t designed for BYOD
upvoted 2 times

  krzysztofbr 1 month, 2 weeks ago

can't be a "any applications installed by the users are retained."
autopilot removes all APPS
upvoted 3 times

97 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #59 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you modify the User settings and the Device settings.
Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Community vote distribution

B (100%)

  krzysztofbr 1 month, 2 weeks ago

Selected Answer: B
agrree with letters1234
upvoted 1 times

  letters1234 1 month, 3 weeks ago

Entra Portal only has information around MFA/ESR/BitLocker/UserJoin-Register/LocalAdmin. To configure PIN would require Configuration Profile
from Intune or GPO for AD / HAADJ devices.
upvoted 3 times

98 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #60 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you con�gure automatic mobile device management (MDM) enrollment. From the Microsoft
Intune admin center, you create and assign a device restrictions pro�le.
Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Community vote distribution

A (100%)

  Suresh_2411 5 days, 16 hours ago

Selected Answer: A
should be Yes
upvoted 1 times

  suresh08 1 week ago

Selected Answer: A
Yes, we can achieve it from device restriction.
upvoted 2 times

  letters1234 1 month, 3 weeks ago

Correct, would need to be Enroll Devices \ Windows Enrollment \ Windows Hello for Business \ Minimum PIN Length. Or possibly a Device
Configuration Policy.
upvoted 2 times

  Futfuyfyjfj 3 weeks, 3 days ago

You are right it can be achieved with a WHfB config, but you can do it with a device restriction as well:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#password
upvoted 2 times

  BJS78 2 weeks, 6 days ago

Wrong. You can set PIN for iOS/Android, but for Windows only the password (not the PIN) can be controlled via Device restrictions.
upvoted 1 times

  Futfuyfyjfj 2 weeks, 5 days ago

I guess you didn’t read the article nor you checked Intune itself? Article says:

Required password type: Choose the type of password. Your options:

Not configured: Intune doesn't change or update this setting. By default, the OS might allow the password to include numbers and
letters.
Alphanumeric: Password must be a mix of numbers and letters.
Numeric: Password must only be numbers.

So numeric is a PIN……
upvoted 2 times

99 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #61 Topic 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you con�gure automatic mobile device management (MDM) enrollment. From the Microsoft
Intune admin center, you con�gure the Windows Hello for Business enrollment options.
Does this meet the goal?

A. Yes

B. No

Correct Answer: A

  letters1234 1 month, 3 weeks ago

Correct, confirmed Intune 2308 environment.
upvoted 3 times

100 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #62 Topic 1

Case study -

Overview -

Contoso, Ltd. is a consulting company that has a main o�ce in Montreal and two branch o�ces in Seattle and New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG), and �nance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch o�ce in Phoenix. Most of the users in the Phoenix o�ce will work from home.

Existing Environment -

The network contains an Active Directory domain named contoso.com that is synced to Azure AD.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Con�guration Manager. The mobile devices are managed by using Microsoft Intune.

The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example FIN-6785. All the
computers are joined to the on-premises Active Directory domain.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of
its respective department.

Intune Con�guration -

The domain has the users shown in the following table.

User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.

The device compliance policies in Intune are con�gured as shown in the following table.

101 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The device compliance policies have the assignments shown in the following table.

The device limit restrictions in Intune are con�gured as shown in the following table.

Requirements -

Planned changes -

Contoso plans to implement the following changes:

• Provide new computers to the Phoenix o�ce users. The new computers have Windows 10 Pro preinstalled and were purchased already.
• Implement co-management for the computers.

Technical Requirements -

Contoso must meet the following technical requirements:

• Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
• Deploy Windows 10 Enterprise to the computers of the Phoenix o�ce users by using Windows Autopilot.
• Create a provisioning package for new computers in the HR department.
• Block iOS devices from sending diagnostic and usage telemetry data.
• Use the principle of least privilege whenever possible.
• Enable the users in the MKG department to use App1.
• Pilot co-management for the IT department.

You need to meet the technical requirements for the iOS devices.

Which object should you create in Intune?

A. a deployment pro�le

B. an app protection policy

C. a device con�guration pro�le

D. a compliance policy

Correct Answer: C

  Futfuyfyjfj 1 month ago

C is correct, however telemetry is a bit of vague wording in relation to iOS

https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios#settings-apply-to-all-enrollment-types-4

102 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 1 times

103 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #63 Topic 1

HOTSPOT
-

Case study
-

Overview
-

Contoso, Ltd. is a consulting company that has a main o�ce in Montreal and two branch o�ces in Seattle and New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG), and �nance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch o�ce in Phoenix. Most of the users in the Phoenix o�ce will work from home.

Existing Environment
-

The network contains an Active Directory domain named contoso.com that is synced to Azure AD.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Con�guration Manager. The mobile devices are managed by using Microsoft Intune.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of
its respective department.

Intune Con�guration
-

The domain has the users shown in the following table.

User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.

104 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The device compliance policies in Intune are con�gured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The device limit restrictions in Intune are con�gured as shown in the following table.

Requirements
-

Planned changes
-

Contoso plans to implement the following changes:

• Provide new computers to the Phoenix o�ce users. The new computers have Windows 10 Pro preinstalled and were purchased already.
• Implement co-management for the computers.

Technical Requirements
-

Contoso must meet the following technical requirements:

You are evaluating which devices are compliant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

105 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Suresh_2411 5 days, 15 hours ago

NO
YES
YES
upvoted 1 times

  picho707 6 days ago

Question 1:
Device1 belongs to Group1
Policy3 is assigned to Group1
Policy3 Settings = Android = Require = Assigned
Device1 Settings = Android = Disabled
The Policy requires encryption and Device encryption is disabled therefore the device is not compliant so answer is NO
upvoted 1 times

  picho707 6 days ago

Question 2
Device3 belongs to group2 and group3
Policy1 and Policy2 are assigned to Groups2 and Groups3
Policy1 Settings = Android = Not Configured = Assigned
Policy2 Settings = IOS = Not Applicable = Assigned = Exclude Group3 so it will not apply.
Device3 Settings = Android = Disabled
The effective Policy requires encryption "Not Applicable" and Device encryption is "Disabled" therefore the device is compliant so answer is Yes
upvoted 1 times

  picho707 6 days ago

Question 3
Device4 belongs to Group2
Policy2 is assigned to Group2 and Group3
Policy2 Settings = IOS = Not Applicable = Assigned = Exclude Group3 but device does not belong to group 3.
Device4 Settings = IOS = Not Applicable
The Policy requires encryption "Not Applicable" and Device encryption is "Not Applicable" therefore the device is compliant so answer is Yes
upvoted 1 times

  ExamKiller020 2 weeks, 4 days ago

NO
YES
YES
upvoted 4 times

  sh123df 1 month, 1 week ago

No
? = Will the exclude or include over ride?
Yes
upvoted 1 times

  Futfuyfyjfj 1 month ago

Doesn’t matter, the policy (2) is for iOS, the Devices is Android. So policy is not applicable

106 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

upvoted 3 times

  BJS78 2 weeks, 6 days ago

Wrong. Device 3 will be excluded from Policy2 due to ex: Group3 setting. The device will receive. N-Y-Y, answer is correct
upvoted 1 times

  Futfuyfyjfj 2 weeks, 5 days ago

You need to learn and watch. Device 3 will be compliant because of the assignment on policy 1… policy 2 has nothing to do with device
regardless exclusion or not.
upvoted 2 times

107 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #64 Topic 1

Case study -

Overview -

Contoso, Ltd. is a consulting company that has a main o�ce in Montreal and two branch o�ces in Seattle and New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG), and �nance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch o�ce in Phoenix. Most of the users in the Phoenix o�ce will work from home.

Existing Environment -

The network contains an Active Directory domain named contoso.com that is synced to Azure AD.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Con�guration Manager. The mobile devices are managed by using Microsoft Intune.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of
its respective department.

Intune Con�guration -

The domain has the users shown in the following table.

User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.

The device compliance policies in Intune are con�gured as shown in the following table.

108 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The device compliance policies have the assignments shown in the following table.

The device limit restrictions in Intune are con�gured as shown in the following table.

Requirements -

Planned changes -

Contoso plans to implement the following changes:

• Provide new computers to the Phoenix o�ce users. The new computers have Windows 10 Pro preinstalled and were purchased already.
• Implement co-management for the computers.

Technical Requirements -

Contoso must meet the following technical requirements:

You need to prepare for the deployment of the Phoenix o�ce computers.

What should you do �rst?

A. Generalize the computers and con�gure the Device settings from the Microsoft Entra admin center.

B. Extract the serial number of each computer to an XML �le and upload the �le from the Microsoft Intune admin center.

C. Extract the hardware ID information of each computer to a CSV �le and upload the �le from the Microsoft Intune admin center.

D. Generalize the computers and con�gure the Mobility (MDM and MAM) settings from the Microsoft Entra admin center.

E. Extract the serial number information of each computer to a CSV �le and upload the �le from the Microsoft Intune admin center.

Correct Answer: C

  Kiookr 2 weeks, 6 days ago

I think there is typo or wrong word "upload the file from the Microsoft Intune

109 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Should be ==> "upload the file to the Microsoft Intune admin center."
Is "to" not "from" because you already downloaded the hash or hardware ID from the computer.
upvoted 2 times

  Futfuyfyjfj 2 weeks, 5 days ago

Correct
upvoted 1 times
  Futfuyfyjfj 3 weeks, 3 days ago
Answer is correct.
upvoted 1 times

110 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #65 Topic 1

HOTSPOT
-

Case study
-

Overview
-

Contoso, Ltd. is a consulting company that has a main o�ce in Montreal and two branch o�ces in Seattle and New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG), and �nance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch o�ce in Phoenix. Most of the users in the Phoenix o�ce will work from home.

Existing Environment
-

The network contains an Active Directory domain named contoso.com that is synced to Azure AD.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Con�guration Manager. The mobile devices are managed by using Microsoft Intune.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of
its respective department.

Intune Con�guration
-

The domain has the users shown in the following table.

User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.

111 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The device compliance policies in Intune are con�gured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The device limit restrictions in Intune are con�gured as shown in the following table.

Requirements
-

Planned changes
-

Contoso plans to implement the following changes:

• Provide new computers to the Phoenix o�ce users. The new computers have Windows 10 Pro preinstalled and were purchased already.
• Implement co-management for the computers.

Technical Requirements
-

Contoso must meet the following technical requirements:

What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

112 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Fortind1974 Highly Voted  1 month ago

User 1: 10 devices

User 2: 1000

User2 is a device enrollment manager (DEM) in Intune, so device limit restrictions won't work on them.
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll#device-limit-restrictions
upvoted 9 times

  picho707 4 weeks, 1 day ago

Azure AD
Applying an Azure AD maximum device limit of less than 1,000 to a DEM account will prevent you from reaching the 1,000 device limit that the
DEM account can enroll.
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll
upvoted 1 times

  picho707 4 weeks, 1 day ago

Device enrollment managers are affected by device limit restrictions in Intune. Device limit restrictions let you restrict the number of devices a
user can enroll in Intune. Each restriction type comes with one default policy that you can edit and customize as needed. Intune applies the
default policy to all user and userless enrollments until you assign a higher-priority policy. Therefore, if a device enrollment manager is also a
user, they will be subject to the device limit restrictions set by the administrator.
upvoted 1 times

  Futfuyfyjfj 3 weeks, 2 days ago

Source?
upvoted 1 times

  VirtualJP Most Recent  1 week, 1 day ago

I'm going with this answer being correct.
upvoted 1 times

  Casticod 1 week, 4 days ago

User 1 10 Devices : https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll#device-limit-restrictions
User 2 1000 devices: https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll#device-limit-restrictions
upvoted 2 times

113 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Casticod 1 week, 4 days ago

Sorry user 1: 15
upvoted 1 times

  majerzg 1 week, 1 day ago

Why user1: 15? not 10?
upvoted 1 times
  ExamKiller020 2 weeks, 4 days ago
User 1: 15
user 2: 1000
DEM enrolls Windows 10/11 devices in shared device mode, so device limit restrictions won't work on them. Instead, you can configure a hard limit
for these devices in the Azure AD admin center.
ref: https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll#device-limit-restrictions
upvoted 1 times

  Futfuyfyjfj 2 weeks, 5 days ago

This source says when using automatic enrollment on Win10 and using DEM at the same time won’t apply a maximum based on the limit
restrictions to a DEM

https://learn.microsoft.com/en-us/mem/intune/enrollment/device-limit-intune-azure
upvoted 1 times

  rus10 1 month ago

user 1 is 15 and user 2 is 1000
upvoted 1 times

  Futfuyfyjfj 3 weeks, 2 days ago

Why do you think so?
upvoted 1 times

  NoursBear 1 month ago

User 1 is 15 devices
upvoted 1 times

  Futfuyfyjfj 3 weeks, 2 days ago

Why do you think so?
upvoted 1 times

  sh123df 1 month ago

If thinking at role so answer is not correct.
upvoted 1 times

114 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #66 Topic 1

HOTSPOT
-

Case study
-

Overview
-

Contoso, Ltd. is a consulting company that has a main o�ce in Montreal and two branch o�ces in Seattle and New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG), and �nance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch o�ce in Phoenix. Most of the users in the Phoenix o�ce will work from home.

Existing Environment
-

The network contains an Active Directory domain named contoso.com that is synced to Azure AD.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Con�guration Manager. The mobile devices are managed by using Microsoft Intune.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of
its respective department.

Intune Con�guration
-

The domain has the users shown in the following table.

User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.

115 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

The device compliance policies in Intune are con�gured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The device limit restrictions in Intune are con�gured as shown in the following table.

Requirements
-

Planned changes
-

Contoso plans to implement the following changes:

• Provide new computers to the Phoenix o�ce users. The new computers have Windows 10 Pro preinstalled and were purchased already.
• Implement co-management for the computers.

Technical Requirements
-

Contoso must meet the following technical requirements:

To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

116 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Futfuyfyjfj Highly Voted  1 month ago

A lot to walkthrough but the answer is correct. Remember excludes takes precedence and Android policies won’t apply to iOS of course (and vice
versa)
upvoted 7 times

117 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #67 Topic 1

Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2
that run Windows 10.

On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2.

What should you do �rst?

A. On Computer2, run the Enable-PSRemoting cmdlet.

B. On Computer2, add Computer1 to the Remote Management Users group.

C. From Active Directory, con�gure the Trusted for Delegation setting for the computer account of Computer2.

D. On Computer1, run the New-PSSession cmdlet.

Correct Answer: A

Community vote distribution

A (67%) D (33%)

  Temptset 6 days, 2 hours ago

Selected Answer: A
"PowerShell remoting is enabled by default on Windows Server platforms. You can use Enable-PSRemoting to enable PowerShell remoting on other
supported versions of Windows and to re-enable remoting if it becomes disabled."

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-6

The key is "enabled by default on SERVER...", not the client (Windows 10/11). You have to enable it first.
upvoted 1 times

  Alscoran 1 week, 1 day ago

Selected Answer: A
As Futfuyfujfj says... https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about
/about_remote_requirements?view=powershell-7.3
upvoted 1 times

  Rocky83 1 week, 2 days ago

Selected Answer: D
According to this article:

To run a single command on a remote computer, use the ComputerName parameter. To run a series of related commands that share data, use the
New-PSSession cmdlet to create a PSSession (a persistent connection) on the remote computer, and then use the Session parameter of Invoke-
Command to run the command in the PSSession. To run a command in a disconnected session, use the InDisconnectedSession parameter. To run a
command in a background job, use the AsJob parameter.
upvoted 1 times

  picho707 6 days ago

You do not need to run the New-PSSession cmdlet before running the Invoke-Command cmdlet. The Invoke-Command cmdlet will
automatically create a new PowerShell session if one does not already exist.
upvoted 2 times

  Futfuyfyjfj 1 month ago

Not 100% sure but looks correct:

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_requirements?view=powershell-7.3
upvoted 2 times

  Rocky83 1 week, 2 days ago

same here
upvoted 1 times

118 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #68 Topic 1

You have an Azure AD tenant that contains the devices shown in the following table.

Which devices can be activated by using subscription activation?

A. Device1 only

B. Device1 and Device2 only

C. Device1 and Device3 only

D. Device1, Device2, Device3, and Device4

Correct Answer: C

Community vote distribution

C (100%)

  Futfuyfyjfj Highly Voted  1 month ago

Answer is correct:
https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation#requirements
upvoted 6 times

  Rocky83 Most Recent  1 week, 2 days ago

Selected Answer: C
https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation#requirements

Devices must be Azure AD-joined or hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported.
upvoted 2 times

119 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #69 Topic 1

You have 25 computers that run Windows 10 Pro.

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

You need to upgrade the computers to Windows 11 Enterprise by using an in-place upgrade. The solution must minimize administrative effort.

What should you use?

A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise

B. Microsoft Con�guration Manager and a custom image of Windows 11 Enterprise

C. Windows Autopilot

D. Subscription Activation

Correct Answer: D

Community vote distribution

A (50%) C (50%)

  Sas2003 Highly Voted  2 weeks, 6 days ago

Selected Answer: A
Autopilot does not upgrade Windows version. The only approach listed to perform upgrade in-place is MDT with DEFAULT image
upvoted 6 times

  Monades Most Recent  1 day, 2 hours ago

Selected Answer: A
https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit
upvoted 1 times

  4rk4n4 1 day, 12 hours ago

Selected Answer: C
I think its option C.

Option A (using Microsoft Deployment Toolkit and a default image) may require more manual effort, like a custom image creation.
upvoted 1 times

  VirtualJP 2 days, 11 hours ago

Selected Answer: C
Here's why:

Windows Autopilot is a modern deployment method for Windows 10 and Windows 11 that streamlines the setup and configuration of new devices
and the upgrading of existing devices. It's designed to simplify the deployment process and reduce administrative overhead.

Since we already have a Microsoft 365 E5 subscription that uses Microsoft Intune, you can leverage these services to manage and configure
Windows Autopilot deployments.

Windows Autopilot supports both new device provisioning and in-place upgrades. In this scenario, you want to perform an in-place upgrade from
Windows 10 Pro to Windows 11 Enterprise, which can be accomplished through Windows Autopilot.

Windows Autopilot minimizes administrative effort by automating many of the deployment and configuration tasks. Once you set up the Autopilot
profile and enrollment settings in Microsoft Intune, the rest of the process can be largely hands-off for administrators and end-users.
upvoted 2 times

  picho707 5 days, 21 hours ago

Selected Answer: C
I am leaning towards "C" due to the fact that there is no mention of on-premise servers.
upvoted 1 times

  Nozuka 1 month ago

Autopilot doesn't do an "in-place upgrade", it deletes everything. Subscription activation can't do it either. SCCM doesn't seem to be present yet,
so it's too much effort. I guess that only leaves MDT, but it is not very satisfying solution for "low effort" either.
upvoted 3 times

  JustinHadwin 1 month ago

120 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

"Subscription activation doesn't update a device from Windows 10 to Windows 11. Only the edition is updated."

https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
upvoted 2 times

  rus10 1 month ago

Selected Answer: C
Autopilot and update rings so the PC will be forced in-place upgrade to windows 11
upvoted 1 times

  Futfuyfyjfj 3 weeks, 2 days ago

Well knowing Microsoft and the way they write down exam questions, I doubt whether C is correct, since Autopilot on it’s own can’t update
anything. And wiping all the devices to enroll them through Autopilot and then update by using WUfB in Intune is quite some effort as well. Just
updating in place by MDT might be easier anyway.
upvoted 2 times

  picho707 2 days, 17 hours ago

There is no mention of on-premise servers in the wording of this question.
upvoted 1 times

  usmansyed23 1 month ago

Selected Answer: C
I am guessing its C because Autopilot will help with the 'minimize administrative effort' bit.
A and B dont apply as this is an Intune focused question.
upvoted 2 times

  Futfuyfyjfj 3 weeks, 2 days ago

  NoursBear 1 month ago

For me MDT is the only correct answer
upvoted 3 times

  Futfuyfyjfj 1 month ago

Answer is correct, subscription activation is based on the license assigned in AAD and only requires a Windows sign off and sign in.
upvoted 2 times

  picho707 2 days, 17 hours ago

Subscription activation cannot upgrade from Windows 10 to Windows 11.
upvoted 1 times

  Crismo 1 week, 6 days ago

Weird question. To me all answers don't make sense. There's a statement in the Microsoft documentation that says you can't use subscription
activation to upgrade from W10 to W11, https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-
activation#subscription-activation-for-enterprise
But it's needed to get from Pro to Enterprise, therefore it seems be the best choice anyhow.
upvoted 1 times

  picho707 3 weeks, 3 days ago

Note

Subscription activation is available for qualifying devices running Windows 10 or Windows 11. You can't use subscription activation to upgrade
from Windows 10 to Windows 11.
https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
upvoted 2 times

  Futfuyfyjfj 1 month ago

I think you are wrong, the question states the device are now on Win 10 Pro and need to upgrade to Win11Ent. Subscription activation only
upgrades the edition, not the version
upvoted 2 times

121 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #70 Topic 1

You use the Microsoft Deployment Toolkit (MDT) to manage Windows 11 deployments.

From Deployment Workbench, you modify the WinPE settings and add PowerShell support.

You need to generate a new set of WinPE boot image �les that contain the updated settings.

What should you do?

A. From the Deployment Shares node, update the deployment share.

B. From the Advanced Con�guration node, create new media.

C. From the Packages node, import a new operating system package.

D. From the Operating Systems node, import a new operating system.

Correct Answer: A

Community vote distribution

A (100%)

  VirtualJP 1 week, 1 day ago

Selected Answer: A
I believe A to be correct, as per: https://learn.microsoft.com/en-us/windows/deployment/customize-boot-image?tabs=powershell#updating-the-
boot-image-and-boot-media-in-mdt
upvoted 1 times

  Support_Compu 1 week, 1 day ago

To generate a new set of WinPE boot image files with the updated settings in the Microsoft Deployment Toolkit (MDT), you should:

B. From the Advanced Configuration node, create new media.

Here's how you can do it:

Open the Deployment Workbench.

In the left pane, expand the "Advanced Configuration" node.

Right-click on "Media" and select "New Media."

Follow the wizard to create new media. During this process, you can customize the WinPE settings and add PowerShell support as needed.

After the media creation is complete, you can use the generated media to boot and deploy Windows 11 with the updated WinPE settings.

Option A (updating the deployment share) is used to update the deployment share itself but does not create new WinPE boot images with
updated settings.

Option C (importing a new operating system package) and Option D (importing a new operating system) are related to importing and managing
operating system packages and images but are not the steps required to create new WinPE boot images with customized settings.
upvoted 2 times

  BJS78 2 weeks, 6 days ago

https://learn.microsoft.com/en-us/windows/deployment/customize-boot-image?tabs=powershell#updating-the-boot-image-and-boot-media-in-
mdt
upvoted 1 times

  novaCapta 2 weeks, 6 days ago

I am not sure of the answer!
upvoted 1 times

122 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #71 Topic 1

You are replacing 100 company-owned Windows devices.

You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following
requirements:

• Back up the user state.

• Minimize administrative effort.

Which task sequence template should you use?

A. Standard Client Task Sequence

B. Standard Client Replace Task Sequence

C. Litetouch OEM Task Sequence

D. Sysprep and Capture

Correct Answer: B

Community vote distribution

B (100%)

  Fortind1974 4 weeks, 1 day ago

Selected Answer: B
B. Standard Client Replace Task Sequence

https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#task-sequence-
templates
upvoted 3 times

  cserra 1 month ago

I think the right response is the A
The "Standard Client Replace Task Sequence" don't prreserve the user state.
upvoted 1 times

  4rk4n4 1 day, 12 hours ago

Option A ("Standard Client Task Sequence") is used for clean installations, not for replacing existing devices or migrating user data.
upvoted 1 times

  Futfuyfyjfj 3 weeks, 2 days ago

Documentation says you are wrong?

https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#task-
sequence-templates
upvoted 2 times

123 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #72 Topic 1

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 11.

You need to enable the Windows Remote Management (WinRM) service on Computer1 and perform the following con�gurations:

• For the WinRM service, set Startup type to Automatic.

• Create a listener that accepts requests from any IP address.
• Enable a �rewall exception for WS-Management communications.

Which PowerShell cmdlet should you use?

A. Connect-WSMan

B. Enable-PSRemoting

C. Invoke-WSManAction

D. Enable-PSSessionCon�guration

Correct Answer: B

  neki99 1 day, 2 hours ago

The Enable-PSRemoting cmdlet performs the following operations:

Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:

Starts the WinRM service.
Sets the startup type on the WinRM service to Automatic.
Creates a listener to accept requests on any IP address.
Enables a firewall exception for WS-Management communications.
Creates the simple and long name session endpoint configurations if needed.
Enables all session configurations.
Changes the security descriptor of all session configurations to allow remote access.
Restarts the WinRM service to make the preceding changes effective.
upvoted 1 times

  BJS78 2 weeks, 6 days ago

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-7.3
upvoted 1 times

124 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #73 Topic 1

HOTSPOT
-

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The tenant contains
the users shown in the following table.

You assign Windows 10/11 Enterprise E5 licenses to Group1 and User2.

You deploy the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Grg433 Highly Voted  1 month ago

Ans : Y,N,N
When a user with a Windows 11 Enterprise E5 license signs in to a Windows 11 Pro device that is Azure AD-joined, it can unlock specific Windows
11 Enterprise features via the licensing. However, if the device is AD DS-joined (Active Directory Domain Services-joined) and not Azure AD-joined,
it may not automatically upgrade to Windows 11 Enterprise based solely on the user's licensing.
upvoted 6 times

  Stuckbear 2 weeks, 6 days ago

until User1 is synced it is not licensed with the E5 license and therefore the device is not upgraded to W11
N,N,N
upvoted 4 times

  2434e34 1 month ago

Device 3 is Azure AD Joined, and User 2 have the assignment of E5 license. It will be upgraded to Windows 11 Enterprise.
upvoted 1 times

125 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  picho707 3 weeks, 3 days ago

Subscription Upgrade does not apply to version upgrade from Windows 10 to Windows 11
upvoted 3 times

  Vlad99 Most Recent  2 days, 11 hours ago

This is what I consider:
1. NO (missing on-premises sync)
If you have an on-premises Active Directory Domain Services (AD DS) domain, you need to synchronize the identities in the on-premises AD DS
domain with Azure AD. This synchronization is required for users to have a single identity that they can use to access their on-premises apps and
cloud services that use Azure AD. An example of a cloud service is Windows Enterprise E3 or E5.
https://learn.microsoft.com/en-us/windows/deployment/deploy-enterprise-licenses
2. YES (hybrid domain joined supported)
Requirements on devices :Devices must also be joined to Azure AD, or hybrid domain joined with Azure AD Connect. Customers who are federated
with Azure AD are also eligible.
https://learn.microsoft.com/en-us/windows/deployment/deploy-enterprise-licenses
3. NO
Active subscription supports upgrade only from Pro to Enterprise.
upvoted 2 times

  picho707 5 days, 20 hours ago

The answer is No, No, No:
Question 1: User1 is not synced to Azure AD.
Question 2: The device is not Azure AD joined.
Question 3: It is not possible to upgrade Windows 10 pro to Windows 10 Ent via subscription upgrades.
upvoted 2 times

  Casticod 4 days, 10 hours ago

According to your comment, in cloud-only companies (without synchronized AD) it would never work, right?

The products and licenses, with very few exceptions (for example SSPR), are exactly the same for Hybrid and cloud-only users.
upvoted 1 times

  BJS78 2 weeks, 6 days ago

https://xenit.se/blog/2017/12/27/windows-10-subscription-activation-hybrid-azure-ad-joined-devices/
According to this, IF the AD DS device is AAD registered as well, it will also upgrade. If not, no.
upvoted 1 times

126 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #74 Topic 1

HOTSPOT
-

Your network contains an Active Directory domain named adatum.com, a workgroup, and computers that run Windows 10. The computers are
con�gured as shown in the following table.

The local Administrator accounts on Computer1, Computer2, and Computer3 have the same user name and password.

On Computer1, Windows Defender Firewall is con�gured as shown in the following exhibit.

The services on Computer1 have the following states.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

127 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

NOTE: Each correct selection is worth one point.

Correct Answer:

  BJS78 2 weeks, 6 days ago

https://techcommunity.microsoft.com/t5/windows-management/getting-to-the-bottom-of-it-remote-computer-management-storage/m-
p/1603930
https://www.serverbrain.org/solutions-2003/monitoring-performance-remotely.html
upvoted 1 times

128 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #75 Topic 1

You have a Hyper-V host that contains the virtual machines shown in the following table.

On which virtual machines can you install Windows 11?

A. VM1 only

B. VM3 only

C. VM1 and VM2 only

D. VM2 and VM3 only

E. VM1, VM2, and VM3

Correct Answer: B

Community vote distribution

B (100%)

  Casticod 1 week, 4 days ago

Selected Answer: B
Picho707 Right
upvoted 1 times

  Grg433 1 month ago

Selected Answer: B
I think B is right
o install Windows 11, the virtual machines must meet specific hardware requirements, including having a 64-bit processor with at least two cores, 4
GB or more of RAM, and 64 GB or more of storage. Additionally, they must support certain virtualization features like Second Level Address
Translation (SLAT).
upvoted 2 times

  picho707 3 weeks, 3 days ago

Windows 11 cannot be installed in VM1 because it is generation 1.
Windows 11 cannot be installed in VM2 because it only has 1 vCPU.
VM3 is the only available option.
upvoted 4 times

  warrior_404 1 week ago

https://learn.microsoft.com/en-us/windows/whats-new/windows-11-requirements#virtual-machine-support
It seems that's right
upvoted 1 times

129 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #76 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.

Group2 has been assigned in the Enrollment Status Page.

You have the devices shown in the following table.

You capture and upload the hardware IDs of the devices in the marketing department.

You con�gure Windows Autopilot.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Casticod 1 week, 4 days ago

option 2, Its Windows HOME.
For me should Be: N N Y
https://techcommunity.microsoft.com/t5/microsoft-intune/autopilot-windows-10-home/m-p/1438719
upvoted 1 times

  Casticod 1 week, 4 days ago

I correct NYY and the second question talks about device 1 (not 2)
upvoted 1 times

130 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  ExamKiller020 2 weeks, 3 days ago

NYY
Given answers are correct.
1. no license
2. MS E3 and if no ESP config is assigned the default ESP will take place
3. MS E5 And ESP has been configured
upvoted 2 times

  sh123df 1 month ago

Correct answer
upvoted 1 times

Question #77 Topic 1

QUESTION NO: 77 -

You have a Microsoft 365 subscription that contains a user named User1. User1 is assigned a Windows 10/11 Enterprise E3 license.

You use Microsoft Intune Suite to manage devices.

User1 activates the following devices:

• Device1: Windows 11 Enterprise

• Device2: Windows 10 Enterprise
• Device3: Windows 11 Enterprise

How many more devices can User1 activate?

A. 2

B. 3

C. 7

D. 8

Correct Answer: A

  Casticod 1 week, 4 days ago

https://learn.microsoft.com/en-us/mem/intune/enrollment/device-limit-intune-azure#azure-device-limit-restriction
The question is poorly worded, and we have to understand that it asks how many Windows devices, if so, the answer is correct, 2 (5 in total)
upvoted 1 times

  Kiookr 2 weeks, 5 days ago

Why not 3 , there are 3 devices and maximum is 5 , it doesn't matter 2 of them are Win 11..
upvoted 1 times

  Kiookr 2 weeks, 5 days ago

Disregard please.. I see _ how many more _
upvoted 1 times

  picho707 3 weeks, 3 days ago

The answer is correct a user-assigned windows 10/11 enterprise E3 license can activate 5 devices therefore the answer needs to be 2.
upvoted 1 times

131 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #78 Topic 1

DRAG DROP
-

Your company has a computer named Computer1 that runs Windows 10.

Computer1 was used by a user who left the company.

You plan to repurpose Computer1 and assign the computer to a new user.

You need to redeploy Computer1 by using Windows Autopilot.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Correct Answer:

  Casticod 1 week, 4 days ago

Ja Ja Ja, I have repeated this operation more than 1000 times, its correct
upvoted 1 times

  ExamKiller020 2 weeks, 3 days ago

Given answer is correct.
ref: https://learn.microsoft.com/en-us/autopilot/add-devices
upvoted 1 times

132 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #79 Topic 1

You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 11.

You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 11 Enterprise to new computers. The
computers have a single hard disk.

You need to modify the task sequence to create a system volume and a data volume.

Which phase should you modify in the task sequence?

A. Initialization

B. State Restore

C. Preinstall

D. Postinstall

Correct Answer: C

Community vote distribution

C (100%)

  Grg433 1 month ago

Selected Answer: C
To modify the task sequence to create a system volume and a data volume when deploying Windows 11, you should make changes in the:

C. Preinstall phase

The Preinstall phase is where you can customize the disk partitions and create system and data volumes before the operating system is installed.
You can use the "Format and Partition Disk" task in the Preinstall phase to create the desired partitions and volumes according to your
requirements.
upvoted 3 times

133 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #80 Topic 1

You have a Microsoft Deployment Toolkit (MDT) deployment share.

From the Deployment Workbench, you open the New Task Sequence Wizard and select the Standard Client Upgrade Task Sequence task sequence
template.

You discover that there are no operating system images listed on the Select OS page as shown in the following exhibit.

You need to be able to select an operating system image to perform a Windows 11 in-place upgrade.

What should you do?

A. Enable monitoring for the deployment share.

B. Import a full set of source �les.

C. Import a custom image �le.

D. Run the Update Deployment Share Wizard.

Correct Answer: C

Community vote distribution

B (100%)

  VirtualJP 2 days, 10 hours ago

Selected Answer: B
Here's why:

Importing a full set of source files into the Deployment Workbench is necessary to have an operating system image available for the in-place
upgrade task sequence.

The in-place upgrade task sequence requires access to the Windows 11 source files to perform the upgrade.

Options A, C, and D are not directly related to the availability of operating system images in the task sequence. Enabling monitoring (Option A) is

134 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

for tracking deployment progress, importing a custom image file (Option C) is for using a custom image (not needed for an in-place upgrade), and
running the Update Deployment Share Wizard (Option D) is for updating the deployment share but doesn't specifically address the lack of
operating system images.
upvoted 1 times

  Zelda78 4 weeks, 1 day ago

indeed B to me.
upvoted 1 times

  Kiookr 2 weeks, 5 days ago

Thank you for your confidence, BUT can you back up your choice with documentation?
upvoted 1 times

  Nozuka 1 month ago

Selected Answer: B
Pretty sure it should be B.
https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-
toolkit#add-windows-10-enterprise-x64-full-source
upvoted 3 times

Question #81 Topic 1

Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection.
The company's security policy states the following:

• Personal devices do not need to be enrolled in Intune.

• Users must authenticate by using a PIN before they can access corporate email data.
• Users can use their personal iOS and Android devices to access corporate cloud services.
• Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to con�gure a solution to enforce the security policy.

What should you create?

A. a device con�guration pro�le from the Microsoft Intune admin center

B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal

C. an insider risk management policy from the Microsoft Purview compliance portal

D. an app protection policy from the Microsoft Intune admin center

Correct Answer: D

  picho707 3 weeks, 3 days ago

The answer is: D. an app protection policy from the Microsoft Intune admin center

App protection policies (APPs) allow you to manage and protect corporate data within managed apps. For example, you can use APPs to prevent
users from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
upvoted 4 times

135 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #82 Topic 1

You have a Microsoft 365 subscription that contains 500 Android Enterprise devices.

All the devices are enrolled in Microsoft Intune.

You need to deliver bookmarks to the Chrome browser on the devices.

What should you create?

A. a compliance policy

B. a con�guration pro�le

C. an app protection policy

D. an app con�guration policy

Correct Answer: C

Community vote distribution

D (72%) B (28%)

  Nozuka Highly Voted  1 month ago

Selected Answer: D
I don't agree with sh123df, since his answer is for Windows devices and this question states Android.
Answer should be D.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-configure-chrome-android#add-app-configuration-for-managed-ae-devices
upvoted 7 times

  VirtualJP Most Recent  2 days, 9 hours ago

Selected Answer: D
Here's why:

An app configuration policy is a better way to deliver bookmarks to the Chrome browser on Android devices than a configuration profile.

To deliver bookmarks to the Chrome browser on Android devices, you would create an app configuration policy that specifies the bookmarks that
you want to be added to the browser. The policy would then be assigned to your managed devices. Once the policy is applied, the bookmarks will
be added to Chrome automatically.

To deliver bookmarks using a configuration profile, you would need to create a file that contains the bookmark data. The file would then be pushed
to your managed devices. Once the file is on the device, you would need to use a script to import the bookmarks into Chrome.

This process is more complex and time-consuming than using an app configuration policy. It also requires you to create and maintain a bookmark
file, which can be cumbersome if you have a large number of bookmarks or if you need to frequently update them.
upvoted 1 times

  ZaFletch 2 days, 10 hours ago

Selected Answer: D
Plenty of links already in discussion, answer is D
upvoted 1 times

  Rocky83 1 week, 1 day ago

Selected Answer: D
Should be D
upvoted 1 times

  Gillactus 4 weeks, 1 day ago

Selected Answer: D
Answer is D App Config Policy.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-configure-chrome-android
upvoted 3 times

  Gillactus 4 weeks, 1 day ago

Answer is D App Config Policy.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-configure-chrome-android
upvoted 1 times

136 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Grg433 1 month ago

Selected Answer: B
I think B is correct
A configuration profile in Microsoft Intune allows you to configure settings and features on enrolled devices, including configuring bookmarks in
the Chrome browser. You can use this profile to define the bookmarks you want to push to the devices' Chrome browsers.

The other options (A, C, D) are used for different purposes and wouldn't be the appropriate choice for delivering bookmarks to the browser.
https://www.anoopcnair.com/configure-google-chrome-bookmarks-using-intune/
upvoted 1 times

  sh123df 1 month ago

Selected Answer: B
Answer is wrong.
Devices > Windows > Configuration profiles > Create profile.
Create a profile using Administrative templates: Computer Configuration > Google > Google Chrome
upvoted 4 times

  Kaasstengelss123 2 days, 1 hour ago

the question is about android devices
upvoted 1 times

Question #83 Topic 1

You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10.

You need to deploy Microsoft O�ce Professional Plus 2019 to the computers by using Microsoft O�ce Deployment Tool (ODT).

What should you use to create a customization �le for ODT?

A. the Microsoft 365 admin center

B. the Microsoft Intune admin center

C. the Microsoft Purview compliance portal

D. the Microsoft 365 Apps admin center

Correct Answer: D

Community vote distribution

D (100%)

  ExamKiller020 2 weeks, 3 days ago

Selected Answer: D
Given answer is correct.
https://config.office.com/
upvoted 2 times

  picho707 3 weeks, 3 days ago

To create a customization file for ODT, you should use the Microsoft 365 Apps admin center.
The other options are incorrect:

The Microsoft 365 admin center: The Microsoft 365 admin center does not provide a tool for creating customization files for ODT.
The Microsoft Intune admin center: The Microsoft Intune admin center is used to manage mobile devices, not desktop computers.
The Microsoft Purview compliance portal: The Microsoft Purview compliance portal is used to manage compliance for Microsoft 365 and other
Microsoft products. It does not provide a tool for creating customization files for ODT.
upvoted 3 times

137 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #84 Topic 1

You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.

You plan to use Intune to deploy an application named App1 that contains multiple installation �les.

What should you do �rst?

A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool.

B. Create an Android application package (APK).

C. Upload the contents of App1 to Intune.

D. Install the Microsoft Deployment Toolkit (MDT).

Correct Answer: C

Community vote distribution

A (100%)

  Nozuka Highly Voted  1 month ago

Selected Answer: A
Should be A.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-prepare
upvoted 5 times

  ZaFletch Most Recent  2 days, 10 hours ago

Selected Answer: A
Answer is A, uploading apps to intune requires them to be in the correct format. Cannot upload until the prep tool has been run.
upvoted 1 times

  picho707 5 days, 18 hours ago

Selected Answer: A
The answer is: A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool.
The other answer choices are incorrect:

B. An Android application package (APK) is used to deploy Android apps, not Win32 apps.
C. You cannot upload the contents of App1 to Intune until you have prepared the app content by using the Microsoft Win32 Content Prep Tool.
D. The Microsoft Deployment Toolkit (MDT) is used to deploy Windows operating systems and other software to computers, not to manage mobile
devices.
upvoted 1 times

  Rocky83 1 week, 1 day ago

Selected Answer: A
A of course
upvoted 1 times

  Kiookr 2 weeks, 4 days ago

I think is "A"
upvoted 1 times

  Grg433 1 month ago

Selected Answer: A
please let me know if this is wrong.

To deploy an application that contains multiple installation files in Microsoft Intune, you should:

A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool.

The Microsoft Win32 Content Prep Tool is used to package and prepare Win32 applications (legacy desktop applications) for deployment through
Microsoft Intune. It helps you create the necessary installation files and metadata that Intune requires to distribute and install the application on
Windows devices.
upvoted 2 times

138 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #85 Topic 1

HOTSPOT
-

You have groups that use the Dynamic Device membership type as shown in the following table.

You are deploying Microsoft 365 apps.

You have devices enrolled in Microsoft Intune as shown in the following table.

In the Microsoft Intune admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.)

139 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Rocky83 1 week, 1 day ago

I think the answer is correct
upvoted 1 times

  BJS78 2 weeks, 6 days ago

Group1: Company, Group2: Any private devices.
App is for W10, assigned to Group1, where we have only 1 W10, which is LT1
--> YNN
upvoted 4 times

  Casticod 1 week, 4 days ago

I´m Agree
upvoted 1 times

140 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #86 Topic 1

You have a Microsoft 365 subscription. All devices run Windows 10.

You need to prevent users from enrolling the devices in the Windows Insider Program.

What two con�gurations should you perform from the Microsoft Intune admin center? Each correct answer is a complete solution.

NOTE: Each correct selection is worth one point.

A. a device restrictions device con�guration pro�le

B. an app con�guration policy

C. a Windows 10 and later security baseline

D. a custom device con�guration pro�le

E. a Windows 10 and later update ring

Correct Answer: DE

Community vote distribution

DE (75%) AD (25%)

  ExamKiller020 2 weeks, 3 days ago

Selected Answer: DE
Given answers are correct.
Ref: https://learn.microsoft.com/en-us/windows-insider/business/manage-builds#set-up-insider-preview-builds-using-intune
Ref: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-Update?WT.mc_id=Portal-fx#managepreviewbuilds
upvoted 3 times

  BJS78 2 weeks, 6 days ago

Device restriction: no windows update reference, so no Insider
App policy has no business here
Security baseline has no Insider setting
Custom profile: CSP/OMA-RUI for Update/ManagePreviewBuilds
Update ring: "Enable pre-release builds"
So, DE is correct
upvoted 2 times

  picho707 3 weeks, 3 days ago

To prevent users from enrolling their devices in the Windows Insider Program using Microsoft Intune, you should perform the following two
configurations from the Microsoft Intune admin center:

A. Create a device restrictions device configuration profile: This profile allows you to enforce restrictions and settings on Windows 10 devices. You
can use this to prevent users from joining the Windows Insider Program.

E. Create a Windows 10 and later update ring: By configuring an update ring, you can control the release of Windows updates to devices. By setting
the update ring to a stable release channel, you can prevent users from receiving Insider Preview builds, which are part of the Windows Insider
Program.
upvoted 2 times

  Grg433 1 month ago

Selected Answer: AD
I think it should be A and D.
A. Device restrictions device configuration profile: You can use this profile to enforce specific settings on Windows 10 devices, including preventing
enrollment in the Windows Insider Program.

D. Custom device configuration profile: Creating a custom device configuration profile allows you to define specific settings and restrictions for
your Windows 10 devices, including preventing enrollment in the Windows Insider Program.
upvoted 1 times

141 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #87 Topic 1

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You plan to use Endpoint analytics.

You need to create baseline metrics.

What should you do �rst?

A. Modify the Baseline regression threshold.

B. Onboard 10 devices to Endpoint analytics.

C. Create a Log Analytics workspace.

D. Create an Azure Monitor workbook.

Correct Answer: B

Community vote distribution

C (100%)

  picho707 Highly Voted  3 weeks, 3 days ago

To create baseline metrics in Endpoint analytics, you should start by:

C. Create a Log Analytics workspace.

upvoted 6 times

  Casticod Most Recent  4 days, 9 hours ago

Selected Answer: C
"Once you have more than 10 devices enrolled in to Endpoint Analytics you will be able to create new baselines."
C for Me
https://timmyit.com/2020/07/15/scheduled-creation-of-baselines-for-endpoint-analytics/
upvoted 1 times

  Rocky83 1 week, 1 day ago

Selected Answer: C
Before onboard devices you need to create the Log Analytics Workspace
upvoted 2 times

  ExamKiller020 2 weeks, 3 days ago

Just noticed in my own test tenant: 'You need at least 10 devices to create a baseline.'
upvoted 3 times

  Casticod 1 week, 4 days ago

This is a prerequisite, therefore it must come first
upvoted 1 times

  Kiookr 2 weeks, 4 days ago

I agree with Picho707... "C. Create a Log Analytics workspace.
upvoted 1 times

  BJS78 2 weeks, 6 days ago

If the very first selection "Collect device data from" equals onboarding, then onboarding is the first step.
upvoted 1 times

142 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #88 Topic 1

You install a feature update on a computer that runs Windows 10.

How many days do you have to roll back the update?

A. 5

B. 10

C. 14

D. 30

Correct Answer: B

Community vote distribution

B (100%)

  VirtualJP 2 days, 8 hours ago

Selected Answer: B
https://answers.microsoft.com/en-us/windows/forum/all/how-to-recover-restore-your-previous-version-
of/94368560-9c64-4387-92b9-82a9234216ad
upvoted 1 times

  BJS78 2 weeks, 6 days ago

https://www.itechtics.com/rollback-windows-updates-after-10-days/
upvoted 2 times

143 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #89 Topic 1

You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace.

You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

You need to ensure that you can use Log Analytics to query events from Computer1.

What should you do on Computer1?

A. Join Azure AD.

B. Con�gure Windows Defender Firewall.

C. Create an event subscription

D. Install the Azure Monitor Agent.

Correct Answer: D

Community vote distribution

D (50%) A (50%)

  Kiookr 1 day, 4 hours ago

Look at the question : What should you do on Computer1? .. is asking about Computer1 .. thus A: Join to Azure AD
upvoted 1 times

  SHIT159 2 days, 1 hour ago

Selected Answer: D
Letra D
upvoted 1 times

  Gillactus 1 week, 5 days ago

Selected Answer: A
Needs to be Azure AD joined or Hybrid joined. See under limitations in the link.
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-windows-client
upvoted 2 times

  ExamKiller020 2 weeks, 3 days ago

Selected Answer: D
Given answer is correct.
REF: https://www.systemcenterdudes.com/collect-windows10-events-in-log-analytic-workspace/
search for 'Download the Monitoring Agent' on that page
upvoted 3 times

  Kiookr 2 weeks, 3 days ago

Selected Answer: A
Again computer1 is in " workgroup" meaning is not joint to Azure AD , thus I would select A. Join to Azure AD
upvoted 2 times

  Crismo 1 week, 6 days ago

Not 100% sure but I don't think an AAD join is required. When installing the Monitoring agent, you specify the Workspace ID and Primary key of
your Log Analytics workspace.
I assume D is the correct answer.
upvoted 1 times

  BJS78 2 weeks, 6 days ago

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events
upvoted 1 times

144 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #90 Topic 1

You have a Microsoft 365 E5 subscription and 100 unmanaged iPad devices.

You need to deploy a speci�c iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create a device con�guration pro�le.

B. Enroll the devices in Microsoft Intune by using the Intune Company Portal.

C. Create a compliance policy.

D. Create an iOS app provisioning pro�le.

E. Enroll the devices in Microsoft Intune by using Apple Business Manager.

Correct Answer: AE

  BJS78 2 weeks, 6 days ago

Stupid question.
You can set iOS update policy ONLY on SUPERVISED devices, so yes, ABM is required.
iOS update policy is REQUIRED to define the exact update to have, but does not block you to update manually, for that you need a Device
restriction policy in place.
That also blocks the user up to 90 days only, after that user can install update manually again.
upvoted 1 times

145 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #91 Topic 1

You have a Microsoft 365 subscription that includes Microsoft Intune.

You have an update ring named UpdateRing1 that contains the following settings:

• Automatic update behavior: Auto install and restart at a scheduled time

• Automatic behavior frequency: First week of the month
• Scheduled install day: Tuesday
• Scheduled install time: 3 AM

From the Microsoft Intune admin center, you select Uninstall for the feature updates of UpdateRing1.

When will devices start to remove the feature updates?

A. when a user approves the uninstall

B. as soon as the policy is received

C. next Tuesday

D. the �rst Tuesday of the next month

Correct Answer: B

Community vote distribution

B (100%)

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: B
Given answer is correct.
Windows devices start removal of updates as soon as they receive the change in Intune policy. Update removal isn't limited to maintenance
schedules, even when they're configured as part of the update ring.
REF: https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings#uninstall
upvoted 2 times

146 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #92 Topic 1

You have a hybrid deployment of Azure AD that contains 50 Windows 10 devices. All the devices are enrolled in Microsoft Intune.

You discover that Group Policy settings override the settings con�gured in Microsoft Intune policies.

You need to ensure that the settings con�gured in Microsoft Intune override the Group Policy settings.

What should you do?

A. From Group Policy Management Editor, con�gure the Computer Con�guration settings in the Default Domain Policy.

B. From the Microsoft Intune admin center, create a custom device pro�le.

C. From the Microsoft Intune admin center, create an Administrative Templates device pro�le.

D. From Group Policy Management Editor, con�gure the User Con�guration settings in the Default Domain Policy.

Correct Answer: B

Community vote distribution

B (67%) C (33%)

  VirtualJP 2 days, 8 hours ago

Selected Answer: C
Here's why:

Administrative Templates device profiles in Microsoft Intune allow you to configure a wide range of settings, similar to Group Policy settings. When
applied, these profiles can take precedence over Group Policy settings on enrolled devices.
upvoted 1 times

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: B
Given answer is correct.
REF: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict#mdmwinsovergp
upvoted 2 times

  picho707 3 weeks, 2 days ago

To ensure that the settings configured in Microsoft Intune policies override the Group Policy settings for Windows 10 devices enrolled in Intune,
you should do the following:

C. From the Microsoft Intune admin center, create an Administrative Templates device profile.
upvoted 1 times

147 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #93 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center.

What should you con�gure?

A. the Azure Monitor agent

B. a device compliance policy

C. a Conditional Access policy

D. an Intune data collection policy

Correct Answer: A

Community vote distribution

D (100%)

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: D
Given answer isn't correct. The azure monitoring agent can be used to collect Windows event logs for example.
Answer is D.
REF: https://learn.microsoft.com/en-us/mem/analytics/data-collection
upvoted 4 times

  picho707 3 weeks, 2 days ago

To ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center, you
should configure an Intune data collection policy.
upvoted 3 times

  Fortind1974 1 month ago

Selected Answer: D
D. an Intune data collection policy

https://learn.microsoft.com/en-us/mem/analytics/enroll-intune#bkmk_onboard
upvoted 3 times

148 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #94 Topic 1

HOTSPOT
-

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

Devices are enrolled in Intune as shown in the following table.

The devices are the members of groups as shown in the following table.

You create an iOS/iPadOS update pro�le as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

149 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

NOTE: Each correct selection is worth one point.

Correct Answer:

  picho707 4 days, 23 hours ago

The way I see the answers. Please correct me if I am wrong:
1: Yes, The update will be installed on Wednesday after 1 PM because the policy applies to the device.
2: No, If a device is excluded from a software update policy and an update is available for download, the device will not install the update
automatically.
3: No, The device was not enrolled as a supervised device ( enrolled via the company portal) so the policy will not apply meaning the device will not
update automatically.
upvoted 1 times

  Grg433 1 month ago

can anyone please explain this : why second and third is No ?
upvoted 1 times

  Fortind1974 4 weeks, 1 day ago

2: Device 2 is in the included and excluded group, but excluded takes precedence. So there is no applicable update policy for it.

3: You can only manage software updates for iOS/iPad devices that are enrolled through Apple's Automated Device Enrollment (ADE).
upvoted 6 times

  Casticod 1 week, 4 days ago

Agree +1
upvoted 1 times

150 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #95 Topic 1

You have a Microsoft Intune deployment that contains the resources shown in the following table.

You create a policy set named Set1 and add Comply1 to Set1.

Which additional resources can you add to Set1?

A. Conf1 only

B. Comply2 only

C. Comply2 and Conf1 only

D. CA1, Conf1, and O�ce1 only

E. Comply2, CA1, Conf1, and O�ce1

Correct Answer: C

Community vote distribution

C (100%)

  Fortind1974 1 month ago

Selected Answer: C
C. Comply2 and Conf1 only

https://learn.microsoft.com/en-us/mem/intune/fundamentals/policy-sets
upvoted 4 times

151 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #96 Topic 1

You use Microsoft Defender for Endpoint to protect computers that run Windows 10.

You need to assess the differences between the con�guration of Microsoft Defender for Endpoint and the Microsoft-recommended con�guration
baseline.

Which tool should you use?

A. Microsoft Defender for Endpoint Power BI app

B. Microsoft Secure Score

C. Endpoint Analytics

D. Microsoft 365 Defender portal

Correct Answer: D

Community vote distribution

B (100%)

  Fortind1974 1 month ago

Selected Answer: B
B. Microsoft Secure Score

https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score
upvoted 2 times

  Crismo 1 week, 6 days ago

I also tend to B. It's also chatGPTs choice:

B. Microsoft Secure Score

Microsoft Secure Score is a tool that helps organizations assess their security posture across various Microsoft products, including Microsoft
Defender for Endpoint. It provides recommendations and best practices based on Microsoft's security baseline configurations. By using
Microsoft Secure Score, you can evaluate the configuration of Microsoft Defender for Endpoint against the recommended configuration
baseline and identify areas where improvements can be made to enhance your overall security posture.
upvoted 1 times

152 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #97 Topic 1

You have a Microsoft 365 E5 subscription that contains 1,000 Windows 11 devices. All the devices are enrolled in Microsoft Intune.

You plan to integrate Intune with Microsoft Defender for Endpoint.

You need to establish a service-to-service connection between Intune and Defender for Endpoint.

Which settings should you con�gure in the Microsoft Intune admin center?

A. Premium add-ons

B. Connectors and tokens

C. Tenant enrollment

D. Microsoft Tunnel Gateway

Correct Answer: B

  VirtualJP 2 days, 6 hours ago

I go with B
upvoted 1 times

153 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #98 Topic 1

DRAG DROP
-

You have a Microsoft Intune subscription that is con�gured to use a PFX certi�cate connector to an on-premises Enterprise certi�cation authority
(CA).

You need to use Intune to con�gure autoenrollment for Android devices by using public key pair (PKCS) certi�cates.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Correct Answer:

  Casticod 1 week, 4 days ago

Agreed
1) Obtain the root certificate
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure#export-the-root-certificate-from-the-enterprise-ca
2) From the Microsoft Endpoint Manager admin center, create a trusted certificate configuration profile
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure#create-a-trusted-certificate-profile
3) From the Microsoft Endpoint Manager admin center, create a PKCS certificate configuration profile
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure#create-a-pkcs-certificate-profile
upvoted 3 times

154 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #99 Topic 1

Your company uses Microsoft Intune.

More than 500 Android and iOS devices are enrolled in the Intune tenant.

You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.

You need to ensure that the policies can target the devices based on their version of Android or iOS.

What should you con�gure �rst?

A. groups that have dynamic membership rules in Azure AD

B. Device categories in Intune

C. Corporate device identi�ers in Intune

D. Device settings in Azure AD

Correct Answer: A

Community vote distribution

B (57%) A (43%)

  Rocky83 1 day, 9 hours ago

Selected Answer: B
You must create the categories first and use them in the dynamic group.
upvoted 1 times

  VirtualJP 2 days, 5 hours ago

Selected Answer: B
B, because: Device categories allow you to group devices based on criteria such as device platform (e.g., Android, iOS) or other properties. By
defining device categories for Android and iOS devices, you can apply policies selectively to each category based on the version of Android or iOS
installed.

Not A, because: Groups with dynamic membership rules in Azure AD are used for creating Azure AD security groups with dynamic membership
based on user or device attributes. While these can be used for targeting policies, they are more focused on user attributes and may not directly
address the need to target based on device platform and version.
upvoted 1 times

  picho707 4 days, 21 hours ago

Selected Answer: B
Devices must be categorized first and then the devices can be grouped statically or dynamically.
upvoted 1 times

  Casticod 1 week, 4 days ago

Selected Answer: A
To create Device category you also create a dynamic/s Group/s
I Think A as a correct response (but with doubts)
upvoted 1 times

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: A
Given answer is 100% correct.
Just tested in my own test tenant. You can create a dynamic rule based on 'DeviceOSVersion'. And groups can be assigned to a policy.
REF: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#rules-for-devices
upvoted 2 times

  Zelda78 4 weeks, 1 day ago

device categories are linked to a dynamic group, not directly to a policy. dynamic groups you can apply to a policy right? so A to me.
upvoted 3 times

  Grg433 1 month ago

Selected Answer: B
should be B no ?

155 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Device categories in Intune allow you to group devices based on certain criteria.By creating device categories, we can target policies to specific
groups of devices, including those running different versions of Android or iOS.
upvoted 1 times

  Ferric 2 weeks, 5 days ago

I agree. This learn article describes configuring the Device Category first:
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping
upvoted 1 times

Question #100 Topic 1

DRAG DROP
-

You have 500 Windows 10 devices enrolled in Microsoft Intune.

You plan to use Exploit protection in Microsoft Intune to enable the following system settings on the devices:
• Data Execution Prevention (DEP)
• Force randomization for images (Mandatory ASLR)

You need to con�gure a Windows 10 device that will be used to create a template �le.

Which protection areas on the device should you con�gure in the Windows Security app before you create the template �le? To answer, drag the
appropriate protection areas to the correct settings. Each protection area may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Correct Answer:

  BJS78 2 weeks, 3 days ago

Trick is that it is about "Windows Security" app. There DEP is the 2nd, randomization is the 3rd option in the Exploit Protection, which is under App
& browser control. The answer is correct.
upvoted 1 times

  Grg433 1 month ago

Should be this no ?
Virus & Threat Protection for DEP.
App & Browser Control for Mandatory ASLR.
upvoted 1 times

  Grg433 2 weeks, 3 days ago

sorry, I was wrong - answer is correct both can be found in - windows security > App & Browser Control
upvoted 2 times

156 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #101 Topic 1

You have an Azure AD tenant named contoso.com.

You have a workgroup computer named Computer1 that runs Windows 11.

You need to add Computer1 to contoso.com.

What should you use?

A. dsregcmd.exe

B. Computer Management

C. netdom.exe

D. the Settings app

Correct Answer: D

Community vote distribution

D (75%) C (25%)

  Rocky83 1 day, 8 hours ago

Selected Answer: D
Should be D
upvoted 1 times

  �refox15 2 days, 7 hours ago

Selected Answer: D
The question is in regard to Azure AD (not on-prem AD DS) which limits your options. Netdom isn't going to work. It needs to be the Settings app.
upvoted 1 times

  Monades 6 days, 3 hours ago

Selected Answer: D
D
https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-
5457430f3973
"To join an already configured Windows 10 device"
upvoted 1 times

  majerzg 1 week ago

Selected Answer: C
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc788018(v=ws.11)
upvoted 1 times

  Kiookr 2 weeks, 3 days ago

I think computer 1 can be added or joint to the domain contoso.com from the computer management of the computer itself. Also I think can be
add from intune
upvoted 1 times

157 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #102 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage Windows 11 devices.

You need to implement passwordless authentication that requires users to use number matching.

Which authentication method should you use?

A. Microsoft Authenticator

B. voice calls

C. FIDO2 security keys

D. text messages

Correct Answer: A

  picho707 3 weeks, 2 days ago

The correct answer is A. Microsoft Authenticator.

Microsoft Authenticator is a mobile app that provides a variety of authentication methods, including passwordless authentication. To use
passwordless authentication with Microsoft Authenticator, users must first register their device and add their Azure AD account to the app. Once
registered, users can sign in to their Azure AD account by approving a notification on their device.
upvoted 3 times

Question #103 Topic 1

You use a Microsoft Intune subscription to manage iOS devices.

You con�gure a device compliance policy that blocks jailbroken iOS devices.

You need to enable Enhanced jailbreak detection.

What should you con�gure?

A. the Compliance policy settings

B. the device compliance policy

C. a network location

D. a con�guration pro�le

Correct Answer: B

Community vote distribution

B (100%)

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: B
'Enhanced jailbreak detection' isn't present in the current intune version anymore. It used to be in the Compliance policy settings blade.
ref: https://www.petervanderwoude.nl/post/quick-tip-location-services-required-for-enhanced-jailbreak-detection/
The only setting in intune that you can set is in the device compliance policy.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios#device-health
So my guess is B
upvoted 1 times

158 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #104 Topic 1

DRAG DROP
-

You have a Microsoft 365 subscription that contains two users named User1 and User2.

You need to ensure that the users can perform the following tasks:
• User1 must be able to create groups and manage users.
• User2 must be able to reset passwords for nonadministrative users.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Correct Answer:

  JBV85 2 weeks, 4 days ago

Correct
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
upvoted 2 times

159 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #105 Topic 1

HOTSPOT
-

You have a Microsoft Intune subscription that has the following device compliance policy settings:
• Mark devices with no compliance policy assigned as: Compliant
• Compliance status validity period (days): 14

On January1, you enroll Windows 10 devices in Intune as shown in the following table.

On January 4, you create the following two device compliance policies:

• Name: Policy1
• Platform: Windows 10 and later
• Require BitLocker: Require
• Mark device noncompliant: 5 days after noncompliance
• Scope (Tags): Tag1

• Name: Policy2
• Platform: Windows 10 and later
• Firewall: Require
• Mark device noncompliant: Immediately
• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

160 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  reapernam 5 days, 7 hours ago

On Second thought, its N N Y.

Like ExamKiller020 says, the Scope Tags have no relevance in Policy or Group assignments. So both Policies are being applied.
upvoted 1 times

  reapernam 1 week, 1 day ago

The answer could be YYY.

Devices are already compliant before having the policies assigned to them. So when the newly added compliancy policies take effect, the devices
are still compliant.
1. Yes- Device is still within its 14 day validity of initial compliance, and with 5-day rule, will only be labeled as non-compliant after 5 days, meaning
its still compliant.
2. Same as above.
3. Yes, Look at cserra answer
upvoted 1 times

  ExamKiller020 2 weeks, 2 days ago

Just remember: Scope (Tags) are used to determine which objects admins can see.
N,N,Y
upvoted 1 times

  cserra 2 weeks, 5 days ago

I think the answer is YYY

Initialy, all devices are compliant.

1) On jan 7, Policy1 don't mark yet as not compliant because need pass 5 days to apply the "noncompliant". Policy2 dont apply because Device1 is
out of his scope (Tag2). Then, is it compliant? YES
2) On jan 8, the case is the same than before. Then YES
3) To Device2, only the Policy2 is applicable (Tag2). The device has the firewall activated. Then, is it compliant? YES
upvoted 2 times

  BJS78 2 weeks, 3 days ago

Tag is for RBAC. No relevance in configuration implementation.
upvoted 2 times

  Grg433 1 month ago

can someone please explaing why N,N,Y ?
upvoted 1 times

  Fortind1974 4 weeks, 1 day ago

Policy1 & Policy2 are both assigned to Group1. Scope (Tags) are used to determine which objects admins can see.

1: Policy2 marks the device noncompliant immediately

2: Policy2 still marks the device noncompliant immediately

3: Policy1 marks device noncompliant after 5 days

upvoted 6 times

161 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #106 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that includes Microsoft Intune.

You have computers that run Windows 11 as shown in the following table.

You have the groups shown in the following table.

You create and assign the compliance policies shown in the following table.

The next day, you review the compliance status of the computers.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Casticod 1 week, 2 days ago

I have a question... IF computer 3 is not registered (or joined), how does it belong to group 3)
Beyond this joke, the answers seem to be correct
Computer 1 is in a grace period because policy 1 applies to it and it does not have bitlocker activated.

162 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Team 2 is compliance because pass the policy1.

Team 3 is not compliance because it does not belong to the Azure Ad in question
upvoted 1 times

  BJS78 2 weeks, 3 days ago

Device must be joined to AAD and/or registered in Intune to receive compliance policy.
Usually: AADJ: Corporate device, AADR: private device (does not apply with this question)
upvoted 1 times

  sh123df 4 weeks, 1 day ago

No
Yes
Yes
Looks like is wrong, correct me.
upvoted 2 times

  majerzg 1 day, 6 hours ago

I think that you are right.
upvoted 1 times

  Grg433 1 month ago

should be Y,Y,Y ? no ?
upvoted 1 times

  SdovlA 3 weeks, 1 day ago

The third device is just registered in AAD. The status is N/A.
upvoted 4 times

Question #107 Topic 1

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.

Solution: From the Microsoft Entra admin center, you con�gure the Authentication methods.

Does this meet the goal?

A. Yes

B. No

Correct Answer: B

Community vote distribution

B (100%)

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: B
Devices > Enroll devices > Windows enrollment > Windows Hello for Business in Intune and configure a desired policy.
upvoted 1 times

163 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #108 Topic 1

You have a Microsoft 365 tenant that contains the objects shown in the following table.

You are creating a compliance policy named Compliance1.

Which objects can you specify in Compliance1 as additional recipients of noncompliance noti�cations?

A. Group3 and Group4 only

B. Group3, Group4, and Admin1 only

C. Group1, Group2, and Group3 only

D. Group1, Group2, Group3, and Group4 only

E. Group1, Group2, Group3, Group4, and Admin1

Correct Answer: C

Community vote distribution

C (100%)

  Rocky83 6 days, 8 hours ago

Selected Answer: C
C is correct
upvoted 1 times

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: C
Given answer is correct. Tested in my own tenant. You can only select groups with email adresses
upvoted 1 times

  SdovlA 3 weeks, 1 day ago

Selected Answer: C
The answer is correct. For action, Send email to end users. You can configure M365, distribution or mail-enabled security groups as additional
recipients.
upvoted 1 times

  picho707 3 weeks, 2 days ago

The answer appears to be E based on the information below:
In a compliance policy, you can specify the following objects as additional recipients of noncompliance notifications:

Users: You can add individual users as recipients of noncompliance notifications. This allows you to notify specific users when their devices are
found to be noncompliant1.
Groups: You can add groups of users as recipients of noncompliance notifications. This allows you to notify multiple users at once when their
devices are found to be noncompliant1.
Roles: You can add Azure AD roles as recipients of noncompliance notifications. This allows you to notify users with specific roles or responsibilities
when their devices are found to be noncompliant1.
Email addresses: You can add email addresses as recipients of noncompliance notifications. This allows you to notify external stakeholders or
distribution lists when devices are found to be noncompliant1.
upvoted 1 times

  BJS78 2 weeks, 3 days ago

Nope, tested it. You can add only groups (groups with e-mail addresses)
upvoted 1 times

  Grg433 1 month ago

Is this C option even correct ?
upvoted 1 times

164 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #109 Topic 1

HOTSPOT
-

You have an Azure AD tenant named contoso.com that contains a user named User1. User1 has a user principal name (UPN) of
[email protected].

You join a Windows 11 device named Client1 to contoso.com.

You need to add User1 to the local Administrators group of Client1.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Nozuka Highly Voted  1 month ago

Should be "AzureAD" since there is no mention of On-Premise AD.
https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin#manually-elevate-a-user-on-a-device
upvoted 6 times

  Rocky83 Most Recent  6 days, 8 hours ago

AzureAD is the correct answer here
upvoted 1 times

  Casticod 1 week, 2 days ago

net localgroup administrators /add "AzureAD\[email protected]
https://superuser.com/questions/982336/how-do-i-add-azure-active-directory-user-to-local-administrators-group
upvoted 1 times

  Sas2003 3 weeks, 3 days ago

AzureAD is the correct answer
upvoted 4 times

165 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #110 Topic 1

You have a Microsoft 365 subscription.

You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least
privilege.

Which role should you assign to the user?

A. Global Administrator

B. Conditional Access Administrator

C. Security Administrator

D. Intune Administrator

Correct Answer: B

Community vote distribution

B (67%) C (33%)

  picho707 Highly Voted  3 weeks, 2 days ago

B appears to be correct:
To set up security defaults and create Conditional Access policies, a user requires the Conditional Access Administrator or Security Administrator
role1. However, the Security Reader or Global Reader role is sufficient if the purpose is solely to read policies1.
upvoted 7 times

  Rocky83 Most Recent  6 days, 8 hours ago

Selected Answer: B
To provide a user the ability to manage both security defaults and Conditional Access policies, you should assign them the Conditional Access
Administrator role1. This role allows the user to create, edit, and delete Conditional Access policies, as well as enable or disable security defaults.
upvoted 2 times

  Casticod 1 week, 2 days ago

Selected Answer: B
100%100 Agree With Examkiller020
Global administrator, Conditional Access Administrator and Security Administrator can change security defaults But CAA Has a lower level of
privileges
upvoted 1 times

  ExamKiller020 2 weeks, 2 days ago

Selected Answer: B
Both Conditional Access Administrator and Security Administrator can change security defaults
REF: https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults#to-
enable-security-defaults-or-confirm-theyre-already-enabled

When I look at all the permissions Security Administrator has. Its way more compaired to the Conditional Access Administrator role.

So I guess the answer is B

REF:https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator
REF: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#conditional-access-administrator

166 of 210 12/10/2023, 22:03

MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

- Expert Veri�ed, Online, Free.

 Custom View Settings

1 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #110 Topic 1

You have a Microsoft 365 subscription.

You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least
privilege.

Which role should you assign to the user?

A. Global Administrator

B. Conditional Access Administrator

C. Security Administrator

D. Intune Administrator

Correct Answer: B

Community vote distribution

B (67%) C (33%)

  picho707 Highly Voted  3 weeks, 2 days ago

  Rocky83 Most Recent  6 days, 8 hours ago

  Casticod 1 week, 2 days ago

  ExamKiller020 2 weeks, 2 days ago

When I look at all the permissions Security Administrator has. Its way more compaired to the Conditional Access Administrator role.

So I guess the answer is B

  Stuckbear 3 weeks ago

Selected Answer: C
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-defaults
To configure security defaults in your directory, you must be assigned at least the Security Administrator role.
upvoted 3 times

2 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #111 Topic 1

HOTSPOT
-

In Microsoft Intune, you have the device compliance policies shown in the following table.

The Intune compliance policy settings are con�gured as shown in the following exhibit.

On June 1, you enroll Windows 10 devices in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

3 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Casticod 1 week, 2 days ago

I think the answer is No, No, Yes.
Device 1 is Windows 10 - and policy 1 is for Windows 8. Default compliance for devices without a policy is not compliant so first 2 questions are
NO.
Then the third device has 2 policies, the first one is compliant and the second policy is not compliant but the device is not marked as non-
compliant due to the fact that mark device as non-compliant is set to 10 days. This means that the machine will be compliant until june 10th.

Source:
Mark device non-compliant: By default, this action is set for each compliance policy and has a schedule of zero (0) days, marking devices as
noncompliant immediately.

When you change the default schedule, you provide a grace period in which a user can remediate issues or become compliant without being
marked as non-compliant.

This action is supported on all platforms supported by Intune.

https://docs.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance
upvoted 1 times

  �refox15 2 days, 6 hours ago

Policy 1 is for Windows 8.1 *and later*. It should still apply unless I'm missing something. I feel it should be Y, N, Y.
upvoted 2 times

4 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #112 Topic 1

You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices that run Windows 11.

User provides remote support for 75 devices in the marketing department.

You need to add User1 to the Remote Desktop Users group on each marketing department device.

What should you con�gure?

A. an app con�guration policy

B. a device compliance policy

C. an account protection policy

D. a device con�guration pro�le

Correct Answer: B

Community vote distribution

C (100%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: C
C. an account protection policy

https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy#manage-local-groups-on-windows-devices
upvoted 7 times

  Rocky83 Most Recent  6 days, 7 hours ago

Selected Answer: C
C for sure
upvoted 1 times

  picho707 3 weeks, 2 days ago

The correct answer is D. This is a device configuration profile.
Here's how you can do it:

In the Microsoft Intune portal, go to "Devices" and select "Configuration profiles."

Click on "Create profile" to create a new device configuration profile.

Choose the platform for the devices you want to target (Windows 11 in this case).

In the configuration settings, look for the option to configure local user groups or local administrators on Windows 11 devices.

Add User1 as a member of the "Remote Desktop Users" group.

Assign this configuration profile to the devices in the marketing department.

upvoted 2 times

  picho707 4 days, 18 hours ago

I retract this answer. The correct answer is "C"
upvoted 1 times

  BJS78 2 weeks, 3 days ago

a) you need to select "Settings catalog" or "Templates" after the platform
b) no, there is no such. You can manage local groups only via "Endpoint Security \ Account protection"
upvoted 1 times

  Sas2003 3 weeks, 3 days ago

Selected Answer: C
C is correct
upvoted 2 times

5 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  2434e34 1 month ago

Selected Answer: C
C. an account protection policy

https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy#manage-local-groups-on-windows-devices
upvoted 2 times

6 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #113 Topic 1

HOTSPOT
-

You have an Azure AD tenant named contoso.com that contains the users shown in the following table.

For contoso.com, the Mobility (MDM and MAM) settings have the following con�gurations:

• MDM user scope: Group1

• MAM user scope: Group2

You purchase the devices shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:

  VirtualJP 1 day, 9 hours ago

I'm thinking N,N,N
upvoted 2 times

  BJS78 2 weeks, 3 days ago

https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/
upvoted 1 times

7 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #114 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to deploy and manage Windows devices.

You have 100 devices from users that left your company.

You need to repurpose the devices for new users by removing all the data and applications installed by the previous users. The solution must
minimize administrative effort.

What should you do?

A. Deploy a new con�guration pro�le to the devices.

B. Perform a Windows Autopilot reset on the devices.

C. Perform an in-place upgrade on the devices.

D. Perform a clean installation of Windows 11 on the devices.

Correct Answer: B

8 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #115 Topic 1

HOTSPOT
-

You create a Windows Autopilot deployment pro�le.

You need to con�gure the pro�le settings to meet the following requirements:

• Automatically enroll new devices and provision system apps without requiring end-user authentication
• Include the hardware serial number in the computer name.

Which two settings should you con�gure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

9 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  VirtualJP
Question #116 1 day, 9 hours ago Topic 1
Agree answer is correct
upvoted 1 times
You have a computer named Computer1 that runs Windows 11.
  ExamKiller020 2 weeks, 1 day ago
Given answer is correct.
A user
Fornamed User1 plans
deployment modetoyou
usecan
Remote Desktop to connect
use self-deploying mode.to Computer1.
upvoted 1 times
You need to ensure that the device of User1 is authenticated before the Remote Desktop connection is established and the sign in page appears.

What should you do on Computer1?

A. Turn on Reputation-based protection

B. Enable Network Level Authentication (NLA)

C. Turn on Network Discovery

D. Con�gure the Remote Desktop Con�guration service

Correct Answer: B

  BJS78 2 weeks, 3 days ago

https://itcompanies.net/blog/network-level-authentication
upvoted 1 times

10 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #117 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You have the devices shown in the following table.

Which devices can be changed to Windows 11 Enterprise by using subscription activation?

A. Device3 only

B. Device2 and Device3 only

C. Device1 and Device2 only

D. Device1, Device2, and Device3

Correct Answer: D

  Gillactus Highly Voted  3 weeks, 4 days ago

Selected Answer: B
The correct answer is B. Read the note that states. Note
Subscription activation is available for qualifying devices running Windows 10 or Windows 11. You can't use subscription activation to upgrade
from Windows 10 to Windows 11.
https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
upvoted 9 times

  Grg433 Most Recent  1 month ago

Selected Answer: A
should be devie 3 only no ?
upvoted 1 times

  Zelda78 4 weeks, 1 day ago

Subscription activation for Enterprise
Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without
keys and reboots.

Devices with a current Windows Pro edition license can be seamlessly upgraded to Windows Enterprise.
Product key-based Windows Enterprise software licenses can be transitioned to Windows Enterprise subscriptions.
https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
upvoted 2 times

11 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #118 Topic 1

HOTSPOT
-

Your network contains an Active Directory domain named adatum.com. The domain contains two computers named Computer1 and Computer2
that run Windows 10. Remote Desktop is enabled on Computer2.

The domain contains the user accounts shown in the following table.

Computer2 contains the local groups shown in the following table.

The relevant user rights assignments for Computer2 are shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

12 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

  Sprocket10 5 days, 6 hours ago

Answers are correct YNY
upvoted 3 times

  Reza_88 1 week, 6 days ago

it should be yes, no, no imo
User 3 is member of group 3 which is denied by the policy 'Deny log on locally'
upvoted 3 times

  picho707 4 days, 17 hours ago

A user with “Deny logon locally” permissions can still connect via Remote Desktop Services, as these are two separate permissions.
On the other hand, the “Deny logon through Remote Desktop Services” policy determines which users are prevented from logging on to the
device through a Remote Desktop connection. This means that the user cannot log in remotely via Remote Desktop Services.
upvoted 1 times

  reapernam 1 week, 1 day ago

Doesnt that mean deny local logins only.
But Allow Remote logins.
upvoted 2 times

Question #119 Topic 1

You have two computers named Computer1 and Computer2 that run Windows 10. Computer2 has Remote Desktop enabled.

From Computer1, you connect to Computer2 by using Remote Desktop Connection.

You need to ensure that you can access the local drives on Computer1 from within the Remote Desktop session.

What should you do?

A. From Computer2, con�gure the Remote Desktop settings.

B. From Windows Defender Firewall on Computer1, allow Remote Desktop.

C. From Windows Defender Firewall on Computer2, allow File and Printer Sharing.

D. From Computer1, con�gure the Remote Desktop Connection settings.

Correct Answer: D

  Sprocket10 5 days, 6 hours ago

Selected Answer: D
D is correct as anyone using Windows 10 for 8 years would know. Setting from the originating device within the repair app
upvoted 3 times

  Casticod 1 week, 3 days ago

Selected Answer: A
A for Me, No it´s in connections zone, its in Locla resources: https://www.ionos.com/help/server-cloud-infrastructure/dedicated-server-for-servers-
purchased-before-102818/servers/transfer-files-using-remote-desktop/
upvoted 1 times

  Casticod 1 week, 2 days ago

Local resources, sorry
upvoted 1 times

13 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #120 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune.

You have �ve new Windows 11 Pro devices.

You need to prepare the devices for corporate use. The solution must meet the following requirements:
• Install Windows 11 Enterprise on each device.
• Install a Windows Installer (MSI) package named App1 on each device.
• Add a certi�cate named Certi�cate1 that is required by App1.
• Join each device to Azure AD.

Which three provisioning options can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. subscription activation

B. a custom Windows image

C. an in-place upgrade

D. Windows Autopilot

E. provisioning packages

Correct Answer: BDE

  someone1337 Highly Voted  2 weeks, 5 days ago

A, D, E.

Install Windows 11 Enterprise on each device:

Subscription activation
Install a Windows Installer (MSI) package named App1 on each device:
Provisioning packages
Add a certificate named Certificate1 that is required by App1:
Provisioning packages
Join each device to Azure AD:
Autopilot
upvoted 6 times

  VirtualJP Most Recent  1 day, 8 hours ago

Selected Answer: BDE
While subscription activation may be part of the setup process, it doesn't directly address the other requirements, such as installing Windows 11
Enterprise, App1, and Certificate1.

In-place upgrades are typically used for updating or upgrading the existing operating system on a device. They do not address the initial
provisioning requirements of installing a new OS and software.
upvoted 1 times

  reapernam 1 week, 1 day ago

Each correct answer presents a complete solution.
Cant be A, as that only upgrades.
Correct answer is BDE
upvoted 1 times

  Casticod 1 week, 3 days ago

Selected Answer: ADE
No need image to update windows 11 pro, to Enterprise, It´s Possible from suscription activation.
For me Should be A D E
upvoted 2 times

  BJS78 2 weeks, 2 days ago

Answer is correct. Pay attention to "Each correct answer presents a complete solution.". So ALL requirements must be filled by every single
selection of solution.
a) subscription: upgrade only, nothing else
b) Custom image: yes, can do
c) In-place upgrade: upgrade only

14 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

d) Autopilot: yes
e) provisioning packages: yes
https://learn.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-packages
upvoted 4 times

  Sprocket10 5 days, 6 hours ago

Should be ADE.
The purpose of Autopilot is to not require Custom Images so the answer would include both B and D together
upvoted 1 times

  Grg433 2 weeks, 3 days ago

Selected Answer: ADE
I think it should be A, D, E.
upvoted 2 times

  picho707 3 weeks, 2 days ago

The answer appear to be C, D and E.
It does not appear to meet the criteria for a custom window image.
upvoted 1 times

15 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #121 Topic 1

DRAG DROP
-

You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.

You import a Windows 11 image to DS1.

You have an executable installer for an application named App1.

You need to ensure that App1 will be installed for all the task sequences that deploy the image.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Correct Answer:

16 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #122 Topic 1

HOTSPOT
-

You have the devices shown in the following table.

You need to migrate app data from Device1 to Device2. The data must be encrypted and stored on Server1 during the migration.

Which command should you run on each device? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

  Rocky83 5 days, 22 hours ago

Correct answer
upvoted 1 times

  BJS78 2 weeks, 2 days ago

https://learn.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax
https://learn.microsoft.com/en-us/windows/deployment/usmt/usmt-loadstate-syntax
upvoted 2 times

17 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #123 Topic 1

You have a Microsoft 365 subscription.

You plan to use Windows Autopilot to provision 25 Windows 11 devices.

You need to con�gure the Out-of-box experience (OOBE) settings.

What should you create in the Microsoft Intune admin center?

A. an enrollment status page (ESP)

B. a deployment pro�le

C. a compliance policy

D. a PowerShell script

E. a con�guration pro�le

Correct Answer: B

  ExamKiller020 2 weeks, 1 day ago

Selected Answer: B
Given answer is correct. Checked in own tenant
upvoted 2 times

18 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #124 Topic 1

You have an Azure AD tenant that contains the devices shown in the following table.

You purchase Windows 11 Enterprise E5 licenses.

Which devices can use Subscription Activation to upgrade to Windows 11 Enterprise?

A. Device1 only

B. Device1 and Device2 only

C. Device1 and Device3 only

D. Device1, Device2, Device3, and Device4

Correct Answer: C

  picho707 4 days, 16 hours ago

Selected Answer: A
The subscription upgrade conditions are: the same Windows OS type and the devices must be Azure AD joined.
upvoted 1 times

  Sprocket10 5 days, 6 hours ago

Selected Answer: A
100% A
upvoted 1 times

  Casticod 1 week, 2 days ago

Selected Answer: A
Yes Should be A
upvoted 1 times

  BJS78 2 weeks, 2 days ago

Subscription upgrade is about PRO-->ENT. W11 ENT can be made from 11 PRO, so Device1 and Device2. Device 1 is AAD joined-->OK (requires
Hybrid joined). Device2 is AAD Registered --> NO. So Answer A.
upvoted 3 times

  Grg433 2 weeks, 3 days ago

Selected Answer: A
Should be A !
upvoted 2 times

  Sas2003 2 weeks, 6 days ago

Selected Answer: A
The subscription activation feature enables you to "step-up" from Windows Pro edition to Enterprise or Education editions, it cannot upgrade from
Windows 10 to 11
upvoted 4 times

19 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #125 Topic 1

You have a Microsoft 365 Subscription that uses Microsoft Intune.

You add apps to Intune as shown in the following table.

You need to create an app con�guration policy named Policy1 for the Android Enterprise platform.

Which apps can you manage by using Policy1?

A. App2 only

B. App3 only

C. App1 and App3 only

D. App2 and App3 only

E. App1, App2, and App3

Correct Answer: B

  Vlad99 1 week, 1 day ago

https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview
You will only see apps from Managed Google Play store, not the Google Play store, when using Managed Devices as the Enrollment Type for
Android devices.
Correct answer.
upvoted 1 times

  Casticod 1 week, 2 days ago

Selected Answer: B
Correct : https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android
upvoted 1 times

20 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #126 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune.

You need to ensure that you can deploy apps to Android Enterprise devices.

What should you do �rst?

A. Create a con�guration pro�le.

B. Add a certi�cate connector.

C. Con�gure the Partner device management settings.

D. Link your managed Google Play account to Intune.

Correct Answer: D

  VirtualJP 1 day, 8 hours ago

Selected Answer: D
Agreed
upvoted 1 times

21 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #127 Topic 1

You have a Microsoft 365 tenant that uses Microsoft Intune.

You use the Company Portal app to access and install published apps to enrolled devices.

From the Microsoft Intune admin center, you add a Microsoft Store app.

Which two App information types are visible in the Company Portal?

NOTE: Each correct selection is worth one point.

A. Privacy URL

B. Information URL

C. Developer

D. Owner

Correct Answer: AC

  Fortind1974 Highly Voted  1 month ago

Selected Answer: AB
A. Privacy URL
B. Information URL

https://learn.microsoft.com/en-us/mem/intune/apps/store-apps-microsoft
upvoted 7 times

  VirtualJP Most Recent  1 day, 8 hours ago

Selected Answer: AB
These App information types are provided by the app developer. The Privacy URL links to the developer's privacy policy, and the Information URL
links to the developer's website.
upvoted 1 times

  SHIT159 6 days ago

Selected Answer: AB
a and b
upvoted 1 times

  �im322 2 weeks, 3 days ago

Answer is corrected

https://www.examtopics.com/discussions/microsoft/view/64554-exam-md-101-topic-5-question-7-discussion/
upvoted 1 times

  Zelda78 3 weeks, 6 days ago

indeed Privacy url and information.
upvoted 1 times

22 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #128 Topic 1

HOTSPOT
-

You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You need to set a custom image as the wallpaper and sign-in screen.

Which two settings should you con�gure in the Device restrictions con�guration pro�le? To answer, select the appropriate settings in the answer
area.

NOTE: Each correct selection is worth one point.

23 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Casticod 1 week, 2 days ago

lock screen Experience > "locked screen picture url" option.
Personnalization > "Desktop background picture url" option.
so answers are correct.
Question #129
upvoted 2 times Topic 1

You have computers that run Windows 11 Pro. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You need to upgrade the computers to Windows 11 Enterprise.

What should you con�gure in Intune?

A. a device compliance policy

B. a device cleanup rule

C. a device enrollment policy

D. a device con�guration pro�le

Correct Answer: D

  Sprocket10 5 days, 5 hours ago

Selected Answer: D
D is correct
upvoted 2 times

24 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #130 Topic 1

You have computers that run Windows 10 and are managed by using Microsoft Intune.

Users store their �les in a folder named D:\Folder1.

You need to ensure that only a trusted list of applications is granted write access to D:\Folder1.

What should you con�gure in the device con�guration pro�le?

A. Microsoft Defender Exploit Guard

B. Microsoft Defender Application Guard

C. Microsoft Defender SmartScreen

D. Microsoft Defender Application Control

Correct Answer: A

  SHIT159 3 days, 1 hour ago

Selected Answer: D
resposta certa D
upvoted 1 times

  Sprocket10 5 days, 5 hours ago

Selected Answer: A
Answer is correct. Microsoft Configuration Manager, go to Assets and Compliance > Endpoint Protection > Windows Defender Exploit Guard.
upvoted 1 times

  BJS78 2 weeks, 2 days ago

Answer is correct. There are multiple ways to set this, but all called "Control Folder access".
Easiest way to set it up via ASR, but also can be set via Templates\Endpoint Protection\Microsoft Defender Exploit Guard\Controlled folder access.
upvoted 2 times

  ExamKiller020 2 weeks, 1 day ago

You are right. Given answer is correct.
REF: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide
upvoted 1 times

  ExamKiller020 2 weeks, 1 day ago

Correction i think D is the right answer as others mentioned.
upvoted 1 times

  Grg433 2 weeks, 5 days ago

Selected Answer: D
D is correct.
upvoted 2 times

  picho707 3 weeks, 2 days ago

The correct answer is: D. Microsoft Defender Application Control

Microsoft Defender Application Control (WDAC) is a security feature that allows you to control which applications are allowed to run on a Windows
device. You can use WDAC to create a list of trusted applications, and then prevent all other applications from running.

To use WDAC to restrict write access to D:\Folder1, you would create a WDAC policy that only allows trusted applications to write to that folder. You
can then assign the WDAC policy to the computers that you want to restrict.
upvoted 3 times

25 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #131 Topic 1

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You need to create Endpoint security policies to meet the following requirements:
• Hide the Firewall & network protection area in the Windows Security app.
• Disable the provisioning of Windows Hello for Business on the devices.

Which two policy types should you use? To answer, select the policies in the answer area.

NOTE: Each correct selection is worth one point.

26 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Casticod 1 week, 2 days ago

Correct:
https://www.examtopics.com/discussions/microsoft/view/74677-exam-md-101-topic-4-question-58-discussion/
upvoted 1 times

  LMaina 2 weeks, 4 days ago

How can Antivirus be correct to "Hide the Firewall & network protection area in the Windows Security app".
upvoted 1 times

  BJS78 2 weeks, 2 days ago

As with Antivirus settings, you can control aspects of Windows Defender Security Center.
Here the relevant part is "Disable Network UI".
upvoted 1 times

  picho707 3 weeks, 2 days ago

Answer is correct based in the link below:
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-profile-settings
upvoted 2 times

27 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #132 Topic 1

You have a Microsoft 365 subscription that contains 100 devices enrolled in Microsoft Intune.

You need to review the startup processes and how often each device restarts.

What should you use?

A. Endpoint analytics

B. Device Management

C. Azure Monitor

D. Intune Data Warehouse

Correct Answer: D

  Fortind1974 Highly Voted  1 month ago

Selected Answer: A
A. Endpoint analytics

https://learn.microsoft.com/en-us/mem/analytics/restart-frequency
upvoted 7 times

  Sprocket10 Most Recent  5 days, 5 hours ago

Answer should be A. Tested and confirmed
upvoted 1 times

  BJS78 2 weeks, 2 days ago

https://learn.microsoft.com/en-us/mem/analytics/restart-frequency
https://learn.microsoft.com/en-us/mem/analytics/startup-performance
upvoted 1 times

  Grg433 2 weeks, 5 days ago

Selected Answer: A
To review the startup processes and how often each device restarts in Microsoft Intune, we should use Endpoint analytics. Endpoint analytics
provides insights into the performance and health of your devices, including startup and restart data.

So, the correct option is:

A. Endpoint analytics

we can use this feature to gain valuable insights into device performance, user experience, and more, helping we make informed decisions about
device management and optimization.
upvoted 2 times

28 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #133 Topic 1

DRAG DROP
-

You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune.

You need to create Endpoint security policies to enforce the following requirements:
• Computers that run macOS must have FileVault enabled.
• Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
• Computers that run Windows 10 must have Microsoft Defender Application Control enabled.

Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each
feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Correct Answer:

Question #134 Topic 1

Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune.

Currently, Windows updates are downloaded without using Delivery Optimization.

You need to con�gure the computers to use Delivery Optimization.

What should you create in Intune?

A. a device compliance policy

B. a Windows 10 update ring

C. a device con�guration pro�le

D. an app protection policy

Correct Answer: C

  BJS78 2 weeks, 2 days ago

https://learn.microsoft.com/en-us/mem/intune/configuration/delivery-optimization-windows
upvoted 1 times

29 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #135 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

Auto-enrollment in Intune is con�gured.

You have 100 Windows 11 devices in a workgroup.

You need to connect the devices to the corporate wireless network and enroll 100 new Windows 11 devices in Intune.

What should you use?

A. a provisioning package

B. a Group Policy Object (GPO)

C. mobile device management (MDM) automatic enrollment

D. a device con�guration policy

Correct Answer: C

  Rocky83 5 days, 8 hours ago

Selected Answer: A
Should be A
upvoted 1 times

  picho707 3 weeks, 1 day ago

The answer appears to be A due to the fact that the MDM autoenrollment is already configured.
upvoted 4 times

  Crismo 1 week, 5 days ago

Agree on A: https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll
B: Not an option since the machines are not domain joined
C: Already configured but won't have an impact without manual steps
D: Can only be applied after the Intune enrollment
upvoted 1 times

  BJS78 2 weeks, 2 days ago

Agree. To start the enrollment you have to connect automatically to WiFi which can be provided by the package (and by USB)
upvoted 1 times

30 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #136 Topic 1

HOTSPOT
-

You have a Microsoft 365 tenant that uses Microsoft Intune to manage personal and corporate devices. The tenant contains Windows 10 devices
as shown in the following exhibit.

How will Intune classify each device after the devices are enrolled in Intune automatically? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

Correct Answer:

  BJS78 2 weeks, 2 days ago

In general --> Joined: Corporate, Registered: Private
upvoted 1 times

31 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #137 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices. All devices are in the same time zone.

You create an update rings policy and assign the policy to all Windows devices.

On the November 1, you pause the update rings policy.

All devices remain online.

Without further modi�cation to the policy, on which date will the devices next attempt to update?

A. December 1

B. December 6

C. November 15

D. November 22

Correct Answer: B

  picho707 4 days, 1 hour ago

Selected Answer: B
Answer is B
November 1st + 35 days = December 6.
upvoted 2 times

  ExamKiller020 3 weeks, 4 days ago

Select Pause to prevent assigned devices from receiving feature or quality updates for up to 35 days from the time you pause the ring. After the
maximum days have passed, pause functionality automatically expires and the device scans Windows Updates for applicable updates. Following
this scan, you can pause the updates again. If you resume a paused update ring, and then pause that ring again, the pause period resets to 35 days.

Ref: https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings#pause
upvoted 1 times

  Kiookr 1 week, 6 days ago

Sorry !! are you telling the correct answer or what ?? what is the explanation has to do with the answer .. SO is the answer is B as show or you
have deferent opinion ?
upvoted 1 times

  Fortind1974 1 month ago

Selected Answer: B
B. December 6

https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings#pause
upvoted 3 times

32 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #138 Topic 1

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

All devices have Microsoft Edge installed.

From the Microsoft Intune admin center, you create a Microsoft Edge Baseline pro�le named Edge1.

You need to apply Edge1 to all the supported devices.

To which devices should you apply Edge1?

A. Device1 only

B. Device1 and Device2 only

C. Device1, Device2, and Device3 only

D. Device1, Device2, and Device4 only

E. Device1, Device2, Device3, and Device4

Correct Answer: B

  BJS78 2 weeks, 2 days ago

Edge baseline is for W10+ only
upvoted 1 times

33 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #139 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to manage Windows updates by using Intune.

You create an update ring for Windows 10 and later and con�gure the User experience settings for the ring as shown in the following exhibit.

34 of 46 12/10/2023, 22:05
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

- Expert Veri�ed, Online, Free.

 Custom View Settings

Question #138 Topic 1

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

All devices have Microsoft Edge installed.

From the Microsoft Intune admin center, you create a Microsoft Edge Baseline pro�le named Edge1.

You need to apply Edge1 to all the supported devices.

To which devices should you apply Edge1?

A. Device1 only

B. Device1 and Device2 only

C. Device1, Device2, and Device3 only

D. Device1, Device2, and Device4 only

E. Device1, Device2, Device3, and Device4

Correct Answer: B

  BJS78 2 weeks, 2 days ago

Edge baseline is for W10+ only
upvoted 1 times

1 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #139 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to manage Windows updates by using Intune.

You create an update ring for Windows 10 and later and con�gure the User experience settings for the ring as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

2 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Fortind1974 Highly Voted  1 month ago

Automatic restarts are blocked between 8 AM - 5 PM.
A restart will be forced on a device 1 day after the deadline.

https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings
upvoted 10 times

  BJS78 2 weeks, 2 days ago

Correct
upvoted 2 times

3 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #140 Topic 1

You have a Microsoft 365 tenant.

You have devices enrolled in Microsoft Intune.

You assign a conditional access policy named Policy1 to a group named Group1. Policy1 restricts devices marked as noncompliant from
accessing Microsoft OneDrive for Business.

You need to identify which noncompliant devices attempt to access OneDrive for Business.

What should you do?

A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.

B. From the Microsoft Intune admin center, review Device compliance report.

C. From the Microsoft Intune admin center, review the Noncompliant devices report.

D. From the Microsoft Intune admin center, review the Setting compliance report.

Correct Answer: C

Community vote distribution

A (83%) B (17%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: A
A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting
upvoted 5 times

  BJS78 Most Recent  2 weeks, 2 days ago

I think the question is very badly formed. (on purpose, of course)
If you have OD enabled and configured, than yes, any device (including the non-compliants) will try to access it.
If it is not, the non*compliant report will give you only info about which device cannot access, not about did that device try it at all...so no audit info
available. So I would vote on "A".
upvoted 1 times

  Grg433 2 weeks, 5 days ago

Selected Answer: B
To identify noncompliant devices that attempt to access OneDrive for Business, you should review the Device compliance report in the Microsoft
Intune admin center.

Option B is the correct choice. This report will provide information about the compliance status of devices and can help you identify which devices
are noncompliant and attempting to access OneDrive for Business.

and I think 'Conditional access insights and reporting workbook' is only possible in 'Azure' not in Microsoft Entra admin center'
upvoted 1 times

  BJS78 2 weeks, 2 days ago

https://entra.microsoft.com/ from here you can go to Conditional Access via the "Protection" menu element.
upvoted 1 times

4 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #141 Topic 1

HOTSPOT
-

You use Microsoft Intune to manage Windows 10 devices.

You are designing a reporting solution that will provide reports on the following:

• Compliance policy trends

• Trends in device and user enrollment
• App and operating system version breakdowns of mobile devices

You need to recommend a data source and a data visualization tool for the design.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

  VirtualJP 11 hours, 32 minutes ago

Answer appears to be correct
upvoted 1 times

5 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #142 Topic 1

Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.

You implement hybrid Azure AD and Microsoft Intune.

You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize
administrative effort.

What should you use?

A. an Autodiscover address record

B. a Group Policy object (GPO)

C. an Autodiscover service connection point (SCP)

D. a Windows Autopilot deployment pro�le

Correct Answer: D

Community vote distribution

B (100%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: B
B. a Group Policy object (GPO)

https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
upvoted 11 times

  BJS78 Most Recent  2 weeks, 2 days ago

GPO and Autopilot both can do it, but as we migrate prod devices, it is quite possible we don't want to reset the devices, so this way "B" is better.
upvoted 1 times

6 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #143 Topic 1

HOTSPOT
-

You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in the following table.

Windows 10 update rings are de�ned in Intune as shown in the following table.

You assign the update rings as shown in the following table.

What is the effect of the con�gurations on Computer1 and Computer2? To answer, select the appropriate options in the answer area.

Correct Answer:

  BJS78 2 weeks, 2 days ago

Correct. Computer2 got excluded from both rings due to dual group membership.
upvoted 1 times

7 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #144 Topic 1

HOTSPOT
-

You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You need to con�gure an Intune device con�guration pro�le to meet the following requirements:

• Prevent Microsoft O�ce applications from launching child processes.

• Block users from transferring �les over FTP.

Which two settings should you con�gure in the Endpoint protection con�guration pro�le? To answer, select the appropriate settings in the answer
area.

NOTE: Each correct selection is worth one point.

9 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #145 Topic 1

You have Answer:

Correct following types of devices enrolled in Microsoft Intune:
• Windows 10
• Android
• iOS

For which types of devices can you create VPN pro�les in Microsoft Intune admin center?

A. Windows 10 only

B. Windows 10 and Android only

C. Windows 10 and iOS only

D. Android and iOS only

  BJS78 2 weeks, 2 days ago
Correct
E. Windows 10, Android, and iOS
upvoted 1 times

Correct Answer: D

Community vote distribution

E (100%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: E
E. Windows 10, Android, and iOS

https://learn.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure#step-2---create-the-profile
upvoted 11 times

  VirtualJP Most Recent  11 hours, 19 minutes ago

Selected Answer: E
I go with E too
upvoted 1 times

  Rocky83 4 days, 8 hours ago

Selected Answer: E
Should be E
upvoted 1 times

10 of 14 12/10/2023, 22:07
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

- Expert Veri�ed, Online, Free.

 Custom View Settings

Question #142 Topic 1

Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.

You implement hybrid Azure AD and Microsoft Intune.

You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize
administrative effort.

What should you use?

A. an Autodiscover address record

B. a Group Policy object (GPO)

C. an Autodiscover service connection point (SCP)

D. a Windows Autopilot deployment pro�le

Correct Answer: D

Community vote distribution

B (100%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: B
B. a Group Policy object (GPO)

https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
upvoted 11 times

  BJS78 Most Recent  2 weeks, 2 days ago

GPO and Autopilot both can do it, but as we migrate prod devices, it is quite possible we don't want to reset the devices, so this way "B" is better.
upvoted 1 times

1 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

Question #143 Topic 1

HOTSPOT
-

You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in the following table.

Windows 10 update rings are de�ned in Intune as shown in the following table.

You assign the update rings as shown in the following table.

What is the effect of the con�gurations on Computer1 and Computer2? To answer, select the appropriate options in the answer area.

Correct Answer:

  BJS78 2 weeks, 2 days ago

Correct. Computer2 got excluded from both rings due to dual group membership.
upvoted 1 times

2 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

Question #144 Topic 1

HOTSPOT
-

You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You need to con�gure an Intune device con�guration pro�le to meet the following requirements:

• Prevent Microsoft O�ce applications from launching child processes.

• Block users from transferring �les over FTP.

Which two settings should you con�gure in the Endpoint protection con�guration pro�le? To answer, select the appropriate settings in the answer
area.

NOTE: Each correct selection is worth one point.

4 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

Question #145 Topic 1

You have Answer:

Correct following types of devices enrolled in Microsoft Intune:
• Windows 10
• Android
• iOS

For which types of devices can you create VPN pro�les in Microsoft Intune admin center?

A. Windows 10 only

B. Windows 10 and Android only

C. Windows 10 and iOS only

D. Android and iOS only

  BJS78 2 weeks, 2 days ago
Correct
E. Windows 10, Android, and iOS
upvoted 1 times

Correct Answer: D

Community vote distribution

E (100%)

  Fortind1974 Highly Voted  1 month ago

Selected Answer: E
E. Windows 10, Android, and iOS

https://learn.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure#step-2---create-the-profile
upvoted 11 times

  VirtualJP Most Recent  11 hours, 21 minutes ago

Selected Answer: E
I go with E too
upvoted 1 times

  Rocky83 4 days, 8 hours ago

Selected Answer: E
Should be E
upvoted 1 times

5 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

Question #146 Topic 1

You are creating a device con�guration pro�le in Microsoft Intune.

You need to con�gure speci�c OMA-URI settings in the pro�le.

Which pro�le type template should you use?

A. Device restrictions (Windows 10 Team)

B. Identity protection

C. Custom

D. Device restrictions

Correct Answer: C

  BJS78 2 weeks, 2 days ago

Correct
upvoted 2 times

6 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics about:blank

Question #147 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.

You create a policy set named Set1 as shown in the exhibit. (Click the Exhibit tab.)

7 of 9 12/10/2023, 22:08
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

- Expert Veri�ed, Online, Free.

 Custom View Settings

Question #146 Topic 1

You are creating a device con�guration pro�le in Microsoft Intune.

You need to con�gure speci�c OMA-URI settings in the pro�le.

Which pro�le type template should you use?

A. Device restrictions (Windows 10 Team)

B. Identity protection

C. Custom

D. Device restrictions

Correct Answer: C

  BJS78 2 weeks, 2 days ago

Correct
upvoted 2 times

1 of 4 12/10/2023, 22:10
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Question #147 Topic 1

HOTSPOT
-

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.

You create a policy set named Set1 as shown in the exhibit. (Click the Exhibit tab.)

You enroll devices in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

2 of 4 12/10/2023, 22:10
MD-102 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/microsoft/md-102/custom-view/

Correct Answer:

  Sprocket10 1 day, 10 hours ago

Correct
upvoted 2 times

3 of 4 12/10/2023, 22:10

SC 300
No ratings yet
SC 300
40 pages
MS-102 Questions
No ratings yet
MS-102 Questions
107 pages
MD-102 Exam Dumps
No ratings yet
MD-102 Exam Dumps
202 pages
MS-102 Exam Dumps
No ratings yet
MS-102 Exam Dumps
222 pages
Simulado Completo MD-102 1
No ratings yet
Simulado Completo MD-102 1
275 pages
MS-102 2023
100% (2)
MS-102 2023
625 pages
Az 104 Exam Compress
100% (1)
Az 104 Exam Compress
225 pages
MS 102 Questions
No ratings yet
MS 102 Questions
8 pages
SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics
0% (1)
SC-900 Exam - Free Actual Q&As, Page 1 - ExamTopics
59 pages
ValidMicrosoftAZ 104ExamDumps2024
No ratings yet
ValidMicrosoftAZ 104ExamDumps2024
5 pages
Az 104
100% (1)
Az 104
217 pages
MD 102
100% (1)
MD 102
225 pages
MD-102 Exam Simulation
100% (2)
MD-102 Exam Simulation
77 pages
MD-102 Dump
100% (2)
MD-102 Dump
152 pages
MS-102 (221 Questions)
No ratings yet
MS-102 (221 Questions)
12 pages
MD-102 Exam - Free Actual Q&as, Page 2 - ExamTopics
No ratings yet
MD-102 Exam - Free Actual Q&as, Page 2 - ExamTopics
45 pages
MS-102 Exam - Free Actual Q&As, Page 1 - ExamTopics
No ratings yet
MS-102 Exam - Free Actual Q&As, Page 1 - ExamTopics
256 pages
MD 102
100% (2)
MD 102
97 pages
MS 101 PDF
No ratings yet
MS 101 PDF
105 pages
MD 102 Questions
No ratings yet
MD 102 Questions
6 pages
Az 800
100% (1)
Az 800
75 pages
Expert Veri+ed, Online, Free.: Topic 1 - Question Set 1
100% (2)
Expert Veri+ed, Online, Free.: Topic 1 - Question Set 1
183 pages
SC-300 PrepAway
No ratings yet
SC-300 PrepAway
81 pages
Exam+MS700+Managing+Microsoft+Teams+Questions+&+Answers+2 2
No ratings yet
Exam+MS700+Managing+Microsoft+Teams+Questions+&+Answers+2 2
54 pages
Build Mobile Apps With Ionic and Firebase Sample
No ratings yet
Build Mobile Apps With Ionic and Firebase Sample
43 pages
MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics
No ratings yet
MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics
53 pages
MD 102
No ratings yet
MD 102
10 pages
MD 102
100% (2)
MD 102
142 pages
md-102 7
No ratings yet
md-102 7
18 pages
Microsoft - MD-102.vFeb-2024.by .Rina .114q
100% (1)
Microsoft - MD-102.vFeb-2024.by .Rina .114q
107 pages
(Oct-2023) New PassLeader MD-102 Exam Dumps
No ratings yet
(Oct-2023) New PassLeader MD-102 Exam Dumps
7 pages
MS-102 Microsoft Updated Practice Questions
100% (1)
MS-102 Microsoft Updated Practice Questions
67 pages
MD 102 Demo
100% (1)
MD 102 Demo
15 pages
AZ-104 - Microsoft - Certleader.az-104.dumps.2022-Apr-15.by - Andy.369q.vce
No ratings yet
AZ-104 - Microsoft - Certleader.az-104.dumps.2022-Apr-15.by - Andy.369q.vce
13 pages
Microsoft Ucertify ms-900 Rapidshare 2023-May-08 by Horace 139q Vce
No ratings yet
Microsoft Ucertify ms-900 Rapidshare 2023-May-08 by Horace 139q Vce
10 pages
MS-102 Exam Part 3
100% (1)
MS-102 Exam Part 3
43 pages
MD-102 Endpoint Administrator Updated Dumps
No ratings yet
MD-102 Endpoint Administrator Updated Dumps
59 pages
Microsoft - Az 104.VDec 2023.by .Jack .206q
100% (1)
Microsoft - Az 104.VDec 2023.by .Jack .206q
212 pages
Ms 101
No ratings yet
Ms 101
244 pages
Sample
No ratings yet
Sample
57 pages
MD 102T00 ENU PowerPoint 08
No ratings yet
MD 102T00 ENU PowerPoint 08
55 pages
MS 500 PDF
No ratings yet
MS 500 PDF
188 pages
Exam Sheet
No ratings yet
Exam Sheet
78 pages
AZ-104 Exam - Com Respostas
100% (1)
AZ-104 Exam - Com Respostas
208 pages
AZ 104 Demo
No ratings yet
AZ 104 Demo
12 pages
Website: Vce To PDF Converter: Facebook: Twitter:: Sc-300.Vceplus - Premium.Exam.52Q
No ratings yet
Website: Vce To PDF Converter: Facebook: Twitter:: Sc-300.Vceplus - Premium.Exam.52Q
42 pages
MS 101 Examcollection - Premium.exam.209q
100% (1)
MS 101 Examcollection - Premium.exam.209q
194 pages
Microsoft Exambible sc-300 Simulations 2024-May-22 by Clement 137q Vce
No ratings yet
Microsoft Exambible sc-300 Simulations 2024-May-22 by Clement 137q Vce
23 pages
MS-102 Bootcamp Workbook
100% (1)
MS-102 Bootcamp Workbook
114 pages
MS 900 Demo PDF
No ratings yet
MS 900 Demo PDF
11 pages
SC 900
No ratings yet
SC 900
49 pages
AZ-305 Exam - Free Actual Q&As
No ratings yet
AZ-305 Exam - Free Actual Q&As
6 pages
Microsoft MD 102 Dumpshq Actual Questions by George 29 01 2024 11qa
No ratings yet
Microsoft MD 102 Dumpshq Actual Questions by George 29 01 2024 11qa
19 pages
Az-104 Et
No ratings yet
Az-104 Et
54 pages
AZ 104T00A ENU PowerPoint - 00
No ratings yet
AZ 104T00A ENU PowerPoint - 00
17 pages
Exam SC 900 Microsoft Security Compliance and Identity Fundamentals Skills Measured
No ratings yet
Exam SC 900 Microsoft Security Compliance and Identity Fundamentals Skills Measured
8 pages
MS-102-Dec 2024
No ratings yet
MS-102-Dec 2024
351 pages
Microsoft - Vceup .MS 900.24 June 2022
No ratings yet
Microsoft - Vceup .MS 900.24 June 2022
139 pages
AZ-104 Exam - Free Actual Q&as, Page 2 - ExamTopics-An
0% (1)
AZ-104 Exam - Free Actual Q&as, Page 2 - ExamTopics-An
8 pages
Microsoft AZURE® AZ-104 Administrator Practice Tests
From Everand
Microsoft AZURE® AZ-104 Administrator Practice Tests
iCertify Training
No ratings yet
Active Directory Rights Management Services A Clear and Concise Reference
From Everand
Active Directory Rights Management Services A Clear and Concise Reference
Gerardus Blokdyk
No ratings yet
Power Bi in An Hour
No ratings yet
Power Bi in An Hour
39 pages
A Semantic Approach To English Grammar 2nd Edition
No ratings yet
A Semantic Approach To English Grammar 2nd Edition
67 pages
Fourth Quarter Exam CSS 11
No ratings yet
Fourth Quarter Exam CSS 11
4 pages
20 Tips To Increase Battery Life of Your Laptop PDF
No ratings yet
20 Tips To Increase Battery Life of Your Laptop PDF
4 pages
Installation of Ganglia
No ratings yet
Installation of Ganglia
8 pages
CDS v2.7 QuickReferenceSheet en
No ratings yet
CDS v2.7 QuickReferenceSheet en
2 pages
Logs Rio
No ratings yet
Logs Rio
884 pages
Log 1
No ratings yet
Log 1
1,673 pages
Exercise 2
No ratings yet
Exercise 2
3 pages
RH318
No ratings yet
RH318
1 page
OpenVPN Setup Via GUI in Ubuntu 18 - IPVanish
No ratings yet
OpenVPN Setup Via GUI in Ubuntu 18 - IPVanish
20 pages
Installing VMware Workstation Pro
No ratings yet
Installing VMware Workstation Pro
5 pages
Termux PDF
No ratings yet
Termux PDF
9 pages
VMKnoppix x86 20080213e
No ratings yet
VMKnoppix x86 20080213e
6 pages
Guide Installation DFW Reseau
No ratings yet
Guide Installation DFW Reseau
23 pages
NN44400-713 01.03 FAULT Event Codes
No ratings yet
NN44400-713 01.03 FAULT Event Codes
510 pages
Logcat 1730103692534
No ratings yet
Logcat 1730103692534
36 pages
SOP of Bootable Pendrive Ver. 23H2
No ratings yet
SOP of Bootable Pendrive Ver. 23H2
12 pages
R PT Builder Log
No ratings yet
R PT Builder Log
3 pages
TLE 3rd Quarte EXAMINATION
No ratings yet
TLE 3rd Quarte EXAMINATION
2 pages
WPRoyalty Resources Booklet
No ratings yet
WPRoyalty Resources Booklet
13 pages
FortiNAC 9.4.0 Admin Guide
No ratings yet
FortiNAC 9.4.0 Admin Guide
905 pages
ECS - ECS Upgrade Procedures-ECS 2.0.x.x To 2.1.x.x Operating System Offline Update
No ratings yet
ECS - ECS Upgrade Procedures-ECS 2.0.x.x To 2.1.x.x Operating System Offline Update
18 pages
HiLook Mobile App Quick Setup Guide v3.0 - March 2019 1
No ratings yet
HiLook Mobile App Quick Setup Guide v3.0 - March 2019 1
2 pages
Arcon Pam Lite
No ratings yet
Arcon Pam Lite
7 pages
Group Policy Administrator User Guide
No ratings yet
Group Policy Administrator User Guide
266 pages
ShareX Log 2024 10
No ratings yet
ShareX Log 2024 10
12 pages
Apus Manual
No ratings yet
Apus Manual
40 pages
BH423PCL6Winx64 1600ES
No ratings yet
BH423PCL6Winx64 1600ES
21 pages