Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows
10. You implement hybrid Azure AD and Microsoft Intune.
You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune.
The solution must minimize administrative effort.
What should you use?

• A.a Group Policy object (GPO)
• B.an Autodiscover service connection point (SCP)
• C.an Autodiscover address record
• D.a Windows Autopilot deployment profile

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.
You plan to implement Microsoft Defender Exploit Guard.
You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml#manage-or-deploy-a-configuration
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection

Comment: *

Name: *

Email: *

Verification: *

You have an Azure AD tenant named contoso.com.
You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.
What should you configure?

• A.Windows Autopilot
• B.provisioning packages for Windows
• C.Security defaults in Azure AD
• D.Device settings in Azure AD

Comment: *

Name: *

Email: *

Verification: *

You have an Azure AD tenant that contains the users shown in the following table.

You have the devices shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:
* Assignments
o Users or workload identities: User 1. User1
o Cloud apps or actions: Office 365 Exchange Online
o Conditions: Device platforms: Windows, iOS
* Access controls
o Grant Require multi-factor authentication
You have a Conditional Access policy named CAPolicy2 that has the following settings:
Assignments
o Users or workload identities: Used, User2
o Cloud apps or actions: Office 365 Exch
o Conditions
* Device platforms: Android, iOS
* Filter for devices
* Device matching the rule: Exclude filtered devices from policy
* Rule syntax: device. displayName- contains "1"
* Access controls
* Grant Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have an Azure AD group named Group1. Group! contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign Profile! to Group1. You need to ensure that Profile! applies to Device1 only. What should you modify in Profile 1?

• A.Assignments
• B.Settings
• C.Scope (Tags)
• D.Applicability Rules

Comment: *

Name: *

Email: *

Verification: *