Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.
You plan to implement Microsoft Defender Exploit Guard.
You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml#manage-or-deploy-a-configuration
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection

Comment: *

Name: *

Email: *

Verification: *

Your company has an infrastructure that has the following:
* A Microsoft 365 tenant
* An Active Directory forest
* Microsoft Store for Business
* A Key Management Service (KMS) server
* A Windows Deployment Services (WDS) server
* A Microsoft Azure Active Directory (Azure AD) Premium tenant
The company purchases 100 new computers that run Windows 10.
You need to ensure that the new computers are joined automatically to Azure AD by using Windows AutoPilot.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/intune/enrollment-autopilot

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All Windows 10 devices are enrolled in Microsoft Intune.
You configure the following settings in Windows Information Protection (WIP):
* Protected apps: App1
* Exempt apps: App2
* Windows Information Protection mode: Silent
App1, App2, and App3 use the same file format.
You create a file named File1 in App1.
You need to identify which apps can open File1.
What apps should you identify? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription.
Users have iOS devices that are not enrolled in Microsoft 365 Device Management.
You create an app protection policy for the Microsoft Outlook app as shown in the exhibit. (Click the Exhibit tab.)

You need to configure the policy to meet the following requirements:
Prevent the users from using the Outlook app if the operating system version is less than 12.0.0.
Require the users to use an alphanumeric passcode to access the Outlook app.
What should you configure in an app protection policy for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

References:
https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios

Comment: *

Name: *

Email: *

Verification: *

You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant, a Microsoft System Center Configuration Manager (Current Branch) environment, and a Microsoft 365 subscription.
You have computers that run Windows 10 as shown in the following table.

You plan to use Microsoft 365 Device Management.
Which computers support co-management by Configuration Manager and Device Management?

• A.Computer1, Computer2, and Computer3
• B.Computer3 only
• C.Computer1 and Computer2 only
• D.Computer2 only

Comment: *

Name: *

Email: *

Verification: *