This page was exported from IT certification exam materials [ http://blog.dumpleader.com ] Export date:Fri Jan 31 17:50:10 2025 / +0000 GMT ___________________________________________________ Title: Pass MD-101 Exam with Updated MD-101 Exam Dumps PDF 2023 [Q68-Q91] --------------------------------------------------- Pass MD-101 Exam with Updated MD-101 Exam Dumps PDF 2023 MD-101 Exam Dumps - Free Demo & 365 Day Updates Microsoft MD-101 Exam covers a wide range of topics, including managing device policies and profiles, managing apps and data, managing security and compliance, and managing updates and endpoints. It also includes the configuration and management of Microsoft 365 services, such as Exchange, SharePoint, and Teams. Passing MD-101 exam demonstrates that the candidate has the knowledge and skills required to deploy, configure, secure, manage, and monitor modern desktops and devices in an enterprise environment. Managing Modern Desktops certification is highly valued by employers as it validates the expertise of IT professionals in managing modern desktops and devices using Microsoft technologies.   QUESTION 68You have a Microsoft 365 subscription.You plan to use Conditional Access policies.You need to identify which scenarios the policies will support.Which two scenarios should you identify? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.  Enforce multi-factor authentication (MFA) when users access a Microsoft Office 365 service.  Force users to renew an expired SSL certificate.  Force users to update Windows Defender definition files before they sign in to Microsoft Office 365.  Block users from using legacy authentication when signing in to Microsoft Exchange Online.  Force users to install the latest Windows and Microsoft Office updates before they sign in to Office 365. ExplanationA: Conditional Access allows administrators to control what Office 365 apps users can gain access to based on if they pass/fail certain conditions. These conditions are enforced by building a policy (or multiple policies) to control how users access your Office 365 resources.Cloud Apps- What apps do you want to control? Conditional Access does not need to apply to all of Office365, you can be more granular and just control access to specific apps – E.g. Exchange Online.Access can be allowed to Office 365 with the following conditions:* Require multi-factor authentication – User is allowed in but will need to complete additional security to log in.* Etc.D: The easiest way to block legacy authentication across your entire organization is by configuring a Conditional Access policy that applies specifically to legacy authentication clients and blocks access.Reference:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authenticationhttps://doQUESTION 69Your company has a Microsoft Azure Active Directory (Azure AD) tenant.The company uses Microsoft Intune to manage iOS, Android, and Windows 10 devices.The company plans to purchase 1,000 iOS devices. Each device will be assigned to a specific user.You need to ensure that the new iOS devices are enrolled automatically in Intune when the assigned user signs in for the first time.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 1 – Add a Device Enrollment program(DEP) token.2 – Create an Apple enrollment profile.3 – Assign an enrollment profile.Reference:https://docs.microsoft.com/en-us/intune/device-enrollment-program-enroll-iosQUESTION 70Your company has a main office and six branch offices. The branch offices connect to the main office by using a WAN link.All offices have a local Internet connection and a Hyper-V host cluster. The company has a Microsoft System Center Configuration Manager deployment. The main office is the primary site.Each branch has a distribution point. All computers that run Windows 10 are managed by using both Configuration Manager and Microsoft Intune.You plan to deploy the latest build of Microsoft Office 365 ProPlus to all the computers.You need to minimize the amount of network traffic on the company’s Internet links for the planned deployment.What should you include in the deployment plan?  From Intune, configure app assignments for the Office 365 ProPlus suite.In each office, copy the Office 365 distribution files to a Microsoft Deployment Toolkit (MDT) deployment share.  From Intune, configure app assignments for the Office 365 ProPlus suite.In each office, copy the Office 365 distribution files to a Configuration Manager distribution point.  From Configuration Manager, create an application deployment.Copy the Office 365 distribution files to a Configuration Manager cloud distribution point.  From Configuration Manager, create an application deployment.In each office, copy the Office 365 distribution files to a Configuration Manager distribution point. https://docs.microsoft.com/en-us/deployoffice/deploy-office-365-proplus-with-system-center- configurationmanager-2012r2#distribute-the-office-365-proplus-application-to-distribution-points- in-configuration-managerQUESTION 71Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.Solution: From the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for Business enrollment options.Does this meet the goal?  Yes  No Hello for Business is an alternative sign-in method that uses Active Directory or an Azure Active Directory account to replace a password, smart card, or a virtual smart card. It lets you use a user gesture to sign in, instead of a password. A user gesture might be a PIN, biometric authentication such as Windows Hello, or an external device such as a fingerprint reader.Intune integrates with Hello for Business in two ways:An Intune policy can be created under Device enrollment. This policy targets the entire organization (tenant-wide). It supports the Windows AutoPilot out-of-box-experience (OOBE) and is applied when a device enrolls.An identity protection profile can be created under Device configuration. This profile targets assigned users and devices, and is applied during check-in.Reference:https://docs.microsoft.com/en-us/intune/protect/windows-helloQUESTION 72Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 500 laptops that run Windows 8.1 Professional. The users of the laptops work from home.Your company uses Microsoft Intune, the Microsoft Deployment Toolkit (MDT), and Windows Configuration Designer to manage client computers.The company purchases 500 licenses for Windows 10 Enterprise.You verify that the hardware and applications on the laptops are compatible with Windows 10.The users will bring their laptop to the office, where the IT department will deploy Windows 10 to the laptops while the users wait.You need to recommend a deployment method for the laptops that will retain their installed applications. The solution must minimize how long it takes to perform the deployment.What should you include in the recommendation?  an in-place upgrade  a clean installation by using a Windows Configuration Designer provisioning package  Windows AutoPilot  a clean installation and the User State Migration Tool (USMT)References:https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios#in-place-upgrade QUESTION 73Your company has a System Center Configuration Manager deployment that uses hybrid mobile devicemanagement (MDM). All Windows 10 devices are Active Directory domain-joined.You plan to migrate from hybrid MDM to Microsoft Intune standalone.You successfully run the Intune Data Importer tool.You need to complete the migration.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.  In Intune, add a device enrollment manager (DEM).  Change the tenant MDM authority to Intune.  Assign all users Intune licenses.  Create a new Intune tenant. ExplanationReferences:https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-hybridmdm-to-intunesahttps://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-prepare-intunehttps://docs.microsoft.com/en-us/sccm/mdm/deploy-use/change-mdm-authorityQUESTION 74You have a Microsoft 365 subscription.All computers are enrolled in Microsoft Intune.You have business requirements for securing your Windows 10 environment as shown in the following table.What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/advanced-threat-protection.mdQUESTION 75Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.Contoso.com contains a user named user1@contoso.com.You have a computer named Computer1 that runs Windows 8.1.You need to perform an in-place upgrade of Computer1 to Windows 10.Solution: You start Computer1 from the Windows 10 installation media and use the Install option.Does this meet the goal?  Yes  No QUESTION 76You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory(Azure AD) and enrolled in Microsoft Intune.You need to ensure that only applications that you explicitly allow can run on the computers.What should you use?  Windows Defender Credential Guard  Windows Defender Exploit Guard  Windows Defender Application Guard  Windows Defender Antivirus. Reference:https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guardvbased-security-and-windows-defender-application-controlQUESTION 77Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to ensure that feature and quality updates install automatically during a maintenance window.Solution: From the Windows Update settings, you enable Configure Automatic Updates, select3 ?Auto download and notify for Install, and then enter a time.Does this meet the goal?  Yes  No https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updatesQUESTION 78You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant.You configure a Windows Autopilot deployment profile as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Explanation:References:https://docs.microsoft.com/en-us/intune/enrollment-autopilotQUESTION 79You need to meet the OOBE requirements for Windows AutoPilot.Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://blogs.msdn.microsoft.com/sgern/2018/10/11/intune-intune-and-autopilot-part-3-preparing-your-environmhttps://blogs.msdn.microsoft.com/sgern/2018/11/27/intune-intune-and-autopilot-part-4-enroll-your-first-device/QUESTION 80You have a Microsoft 365 subscription.You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group name Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit. (Click the Exhibit tab.)You create a compliance policy.You need to ensure that the users are authenticated only if they are using a compliant device.What should you configure in the conditional access policy?  a condition  a session control  a cloud app  a grant control The device state condition can be used to exclude devices that are hybrid Azure AD joined and/or devices marked as compliant with a Microsoft Intune compliance policy from an organization’s Conditional Access policies.Device state is located on the Condition tab.Reference:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access- conditions#device-stateQUESTION 81Your company has a computer named Computer1 that runs Windows 10 Pro.The company develops a proprietary Universal Windows Platform (UWP) app named App1. App1 is signed with a certificate from a trusted certification authority (CA).You need to sideload App1 to Computer1.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://www.windowscentral.com/how-enable-windows-10-sideload-apps-outside-storehttps://docs.microsoft.com/en-us/windows/application-management/sideload-apps-in-windows-10QUESTION 82You need to meet the technical requirements for the new HR department computers.How should you configure the provisioning package? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-accountsQUESTION 83You have a Microsoft 365 subscription.You need to configure access to Microsoft Office 365 for unmanaged devices. The solution must meet the following requirements:* Allow only the Microsoft Intune Managed Browser to access Office 365 web interfaces.* Ensure that when users use the Intune Managed Browser to access Office 365 web interfaces, they can only copy data to applications that are managed by the company.Which two settings should you configure from the Microsoft Intune blade? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point. ExplanationReferences:https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser#application-protection-policies-forQUESTION 84You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:* Assignments* Users or workload identities: User1* Cloud apps or actions: Office 365 Exchange Online* Access controls* Grant: Block accessYou need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.Solution: You add a condition that specifies device platforms.Does this meet the goal?  Yes  No Instead use solution: You add a condition to filter for devices.Note: Conditional Access: Filter for devicesWhen creating Conditional Access policies, administrators have asked for the ability to target or exclude specific devices in their environment. The condition filter for devices gives administrators this capability. Now you can target specific devices using supported operators and properties for device filters and the other available assignment conditions in your Conditional Access policies.QUESTION 85Your network contains an Active Directory domain named constoso.com that is synced to Microsoft Azure Active Directory (Azure AD). All computers are enrolled in Microsoft Intune.The domain contains the computers shown in the following table.You are evaluating which Intune actions you can use to reset the computers to run Windows 10 Enterprise with the latest update.Which computers can you reset by using each action? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/intune/device-fresh-starthttps://docs.microsoft.com/en-us/intune/devices-wipeQUESTION 86You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.You create a workspace in Microsoft Azure Log Analytics.You need to capture the event logs from the computers to Azure.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windowsQUESTION 87For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. ExplanationText Description automatically generatedQUESTION 88Yourcompany has an internal portal that uses a URL of http://contoso.com.The network contains computers that run Windows 10. The default browser on all the computers is MicrosoftEdge.You need to ensure that all users only use Internet Explorer to connect to the internal portal. The solution mustensure that Microsoft Edge can be used to connect to all other websites.What should you do from each computer?  From Internet Explorer, configure the Compatibility View settings  From the local policy, configure Enterprise Mode  From Microsoft Edge, configure the Advanced Site Settings  From the Settings app, configure the default web browser settings Reference:https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibilityQUESTION 89You have a Microsoft 365 subscription.All computers are enrolled in Microsoft Intune.You have business requirements for securing your Windows 10 environment as shown in the following table.What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/advanced-threat-protection.mdQUESTION 90Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have morethan one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices andWindows 10 Pro devices.From Microsoft Intune, you create a device configuration profile named Profile1.You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.Solution: You create an Azure Active Directory group that contains only the Windows 10 Enterprise devices.You assign Profile1 to the new group.Does this meet the goal?  Yes  No Reference:https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-createQUESTION 91Your company has an infrastructure that has the following:* A Microsoft 365 tenant* An Active Directory forest* Microsoft Store for Business* A Key Management Service (KMS) server* A Windows Deployment Services (WDS) server* A Microsoft Azure Active Directory (Azure AD) Premium tenantThe company purchases 100 new computers that run Windows 10.You need to ensure that the new computers are joined automatically to Azure AD by using Windows AutoPilot.What should you use? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://docs.microsoft.com/en-us/intune/enrollment-autopilot Loading … To prepare for the Microsoft MD-101 certification exam, Microsoft recommends that candidates have experience with Windows 10 deployment and management, as well as experience with cloud-based service concepts and device management. Candidates can also take advantage of Microsoft's official training courses, practice tests, and study materials to help them prepare for the exam. Passing the MD-101 exam demonstrates your expertise in modern desktop management and can help you advance your career as an IT professional.   MD-101 Dumps - Pass Your Certification Exam: https://www.dumpleader.com/MD-101_exam.html --------------------------------------------------- Images: https://blog.dumpleader.com/wp-content/plugins/watu/loading.gif https://blog.dumpleader.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2023-11-13 11:26:38 Post date GMT: 2023-11-13 11:26:38 Post modified date: 2023-11-13 11:26:38 Post modified date GMT: 2023-11-13 11:26:38