MD-102 Braindumps PDF, Microsoft MD-102 Exam Cram
New 2026 MD-102 Sample Questions Reliable MD-102 Test Engine
Microsoft MD-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 138
You have a Microsoft 365 subscription.
You need provide a user the ability to disable Security defaults and principle of least privilege.
Which role should you assign to the user?
- A. Intune Administrator
- B. Global Administrator
- C. Conditional Access Administrator
- D. Security Administrator
Answer: C
Explanation:
Explanation
To enable or disable security defaults in your directory, sign in to theAzure portalas a security administrator, Conditional Access administrator, or global administrator.
Note: Conditional Access Administrator
Users with this role have the ability to manage Azure Active Directory Conditional Access settings.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
NEW QUESTION # 139
You have the device configuration profile shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Users can only access URLs that start with https://contoso.com/ Windows 10 and later devices can have multiple Microsoft Edge instances that each has a single tab he device configuration profile shown in the exhibit is a kiosk browser profile that configures Microsoft Edge to run in kiosk mode. The profile has the following settings:
Kiosk mode: Enabled
Kiosk type: Multi-app
Allowed URLs: https://contoso.com/*
Address bar: Disabled
These settings mean that users can only access URLs that start with https://contoso.com/ and cannot view the address bar in Microsoft Edge. The kiosk type of Multi-app allows users to open multiple instances of Microsoft Edge, but each instance can only have a single tab. Therefore, users cannot access any URL, cannot view the address bar in Microsoft Edge, and can have multiple Microsoft Edge instances that each has a single tab. References:
https://docs.microsoft.com/en-us/mem/intune/configuration/kiosk-settings#kiosk-browser-settings
NEW QUESTION # 140
In Microsoft Intune, you have the device compliance policies shown in the following table.
The Intune compliance policy settings are configured as shown in the following exhibit.
On June 1, you enroll Windows 10 devices in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 141
You have computers that run Windows 10, are joined to Azure Active Directory (Azure AD), and are enrolled in Microsoft Intune.
You have an Azure web app named App1. App1 only allows connections over HTTPS. App1 uses a certificate from an on-premises certification authority (CA).
You need to ensure that the computers can connect to App1 from Microsoft Edge.
Which type of device configuration profile should you create in Microsoft Endpoint Manager?
- A. trusted certificate
- B. imported public key pair (PKCS) certificate
- C. public key pair (PKCS) certificate
- D. Simple Certificate Enrollment Protocol (SCEP) certificate
Answer: D
Explanation:
Intune supports use of the Simple Certificate Enrollment Protocol (SCEP) to authenticate connections to your apps and corporate resources.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
NEW QUESTION # 142
You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune.
You need to configure the devices to run a single app in kiosk mode.
Which Configuration settings should you modify in the device restrictions profile?
- A. Users and Accounts
- B. Device experience
- C. General
- D. System security
Answer: B
Explanation:
Currently Intune has
Home > Android > Configuration Profiles > Device Restrictions > Device Experience":
"Enrollment type - Dedicated" and "Kiosk Mode - Single App"-work
NEW QUESTION # 143
You have a Hyper-V host. The host contains virtual machines that run Windows 10 as shown in following table.
Which virtual machines can be upgraded to Windows 11?
- A. VM1.VM2. andVM3
- B. VM2 only
- C. VM1 only
- D. VM2 and VM3 only
Answer: D
Explanation:
Explanation
Windows 11 has certain hardware requirements that must be met in order to upgrade from Windows 10. Some of these requirements are as follows:
A processor with at least 1 GHz
A system firmware that supports
A Trusted Platform Module (TPM)
At least 4 GB of system memory (RAM).
At least 64 GB of storage space.
In this scenario, the virtual machines that run Windows 10 have the following specifications:
VM1 is a generation 1 virtual machine with no virtual TPM, 4 virtual processors, and 16 GB of memory.
VM2 is a generation 2 virtual machine with a virtual TPM, 2 virtual processors, and 4 GB of memory.
VM3 is a generation 2 virtual machine with a virtual TPM, 1 virtual processor, and 8 GB of memory.
VM1 cannot be upgraded to Windows 11 because it does not have a virtual TPM and it is not a generation 2 virtual machine. Generation 1 virtual machines do not support UEFI and Secure Boot, which are required for Windows 11. VM2 and VM3 can be upgraded to Windows 11 because they have a virtual TPM and they are generation 2 virtual machines. They also meet the minimum requirements for processor speed, cores, memory, and storage space.
NEW QUESTION # 144
Your network contains an Active Directory domain named adatum.com, a workgroup, and computers that run Windows 10. The computers are configured as shown in the following table.
The local Administrator accounts on Computed, Computed, and Computed have the same user name and password.
On Computed. Windows Defender Firewall is configured as shown in the following exhibit.
Answer:
Explanation:
Explanation:
NEW QUESTION # 145
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.
Which users can download the Office customization file from the admin center?
- A. Admin1, Admin2, and Admin3 only
- B. Admin3 and Admin4 only
- C. Admin1, Admin2, Admin3. and Admin4
- D. Admin1 and Admin3 only
- E. Admin3 only
Answer: A
Explanation:
* Admin1
An application admin has full access to enterprise applications, applications registrations, and application proxy settings.
* Admin2
Mark your app as publisher verified.
In Azure AD this user must be a member of one of the following roles: Application Admin, Cloud Application Admin, or Global Admin.
* Admin3
Office Apps admin - Assign the Office Apps admin role to users who need to do the following:
- Use the Office cloud policy service to create and manage cloud-based policies for Office
- Create and manage service requests
- Manage the What's New content that users see in their Office apps
- Monitor service health
Reference:
Office Apps admin - Assign the Office Apps admin role to users who need to do the following
https://docs.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified
NEW QUESTION # 146
You have a Microsoft 365 subscription that contains 1,000 Android devices enrolled in Microsoft Intune. You create an app configuration policy that contains the following settings:
* Device enrollment type: Managed devices
* Profile Type: All Profile Types
* Platform: Android Enterprise
Which two types of apps can be associated with the policy? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Managed Google Play store app
- B. Android store app
- C. Android Enterprise system app
- D. Built-in Android app
- E. Web link
Answer: A,C
NEW QUESTION # 147
You have a Microsoft Intune subscription.
You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Can modify the desktop settings only for themselves
Keyboard Layout
NEW QUESTION # 148
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure AD.
A user named User! uses the domain-joined devices shown in the following table.
In the Microsoft Entra admin center, you assign a Windows 11 Enterprise E5 license to User1.
You need to identify what will occur when User1 next signs in to the devices.
What should you identify for each device? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Device 1:
Will activate as Windows 11 Enterprise. According to Deploy Windows Enterprise licenses, Windows 11 Enterprise E5 license is a subscription license that can be assigned to users who have a supported and licensed version of Windows 10 Pro or Windows 11 Pro. Device 1 has Windows 11 Pro, so it meets the requirement.
When User1 signs in to Device 1 with their Azure AD account, the device will automatically activate as Windows 11 Enterprise without changing the edition.
Will not activate as Windows 11 Enterprise. According to Deploy Windows Enterprise licenses, Windows 11 Enterprise E5 license is a subscription license that can be assigned to users who have a supported and licensed version of Windows 10 Pro or Windows 11 Pro. Device 2 has Windows 10 Home, so it does not meet the requirement. When User1 signs in to Device 2 with their Azure AD account, the device will not activate as Windows 11 Enterprise by subscription.
NEW QUESTION # 149
Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following:
* Personal devices do not need to be enrolled in Intune.
* Users must authenticate by using a PIN before they can access corporate email data.
* Users can use their personal iOS and Android devices to access corporate cloud services.
* Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy.
What should you create?
- A. an insider risk management policy from the Microsoft Purview compliance portal
- B. a data loss prevention (DIP) policy from the Microsoft Purview compliance portal
- C. a device configuration profile from the Microsoft Intune admin center
- D. an app protection policy from the Microsoft Intune admin center
Answer: B
NEW QUESTION # 150
Hotspot Question
You have a Microsoft 365 E5 subscription and use Microsoft Intune. The subscription contains a Microsoft Entra tenant that syncs with an on-premises Active Directory Domain Services (AD DS) domain. The tenant has Windows Local Administrator Password Solution (Windows LAPS) enabled.
You have the Windows devices shown in the following table.
You have an Endpoint security policy that is configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 151
You have an Azure AD tenant named contoso.com.
You plan to use Windows Autopilot to configure the Windows 10 devices shown in the following table.
Which devices can be configured by using Windows Autopilot self-deploying mode?
- A. Device3 only
- B. Device2 only
- C. Device 1, Device2, and Device3
- D. Device2 and Devnce3 only
Answer: D
Explanation:
Windows Autopilot self-deploying mode requires devices that have a firmware-embedded activation key for Windows 10 Pro or Windows 11 Pro. This feature allows devices to automatically activate Windows Enterprise edition using the subscription license assigned to the user. Device1 does not have a firmware-embedded activation key, so it cannot use self-deploying mode. Device2 and Device3 have firmware-embedded activation keys for Windows 10 Pro, so they can use self-deploying mode. References: Windows Autopilot self-deploying mode (Public Preview), Deploy Windows Enterprise licenses
NEW QUESTION # 152
You have an Azure subscription.
You have an on-premises Windows 11 device named Device 1.
You plan to monitor Device1 by using Azure Monitor.
You create a data collection rule (DCR) named DCR1 in the subscription.
To what should you associate DCR1 ?
- A. a Log Analytics workspace
- B. Device1
- C. Azure Network Watcher
- D. a Monitored Object
Answer: B
Explanation:
Explanation
To monitor Device1 by using Azure Monitor, you should associate DCR1 with Device1. A data collection rule (DCR) defines the data collection process in Azure Monitor, such as what data to collect, how to transform it, and where to send it. A DCR can be associated with multiple virtual machines and specify different data sources, such as Azure Monitor Agent, custom logs, or Azure Event Hubs1. To associate a DCR with a virtual machine, you need to install the Azure Monitor Agent on the machine and then select the DCR from the list of available rules2. You can also use Azure Policy to automatically install the agent and associate a DCR with any virtual machines or virtual machine scale sets as they are created in your subscription3.
The other options are not correct for this scenario because:
Azure Network Watcher is a service that provides network performance monitoring and diagnostics for Azure resources. It is not related to data collection rules or Azure Monitor4.
A Log Analytics workspace is a destination where you can send the data collected by a data collection rule. It is not an entity that you can associate a DCR with5.
A Monitored Object is not a valid term in the context of Azure Monitor or data collection rules.
References: Data collection rules in Azure Monitor, Configure data collection for Azure Monitor Agent, Use Azure Policy to install Azure Monitor Agent and associate with a DCR, What is Azure Network Watcher?, Log Analytics workspaces in Azure Monitor
NEW QUESTION # 153
You have a Microsoft 365 tenant that contains the objects shown in the following table.
In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1. To which objects can you assign App1?
- A. Admin1, Group3, and Group4 only
- B. Group1, Group3, and Group4 only
- C. Group1, Group2, Group3, and Group4 only
- D. Group3 and Group4 only
- E. Admin1, Group1. Group2, Group3, andGroup4
Answer: B
Explanation:
In the Microsoft Intune admin center, you can assign apps to users or devices. Users can be assigned to apps by using user groups or individual user accounts. Devices can be assigned to apps by using device groups. In this scenario, the objects shown in the table are as follows:
Admin1 is an individual user account that belongs to the Global administrators role group.
Group1 is a user group that contains 100 users.
Group2 is a device group that contains 50 devices.
Group3 is a user group that contains 200 users.
Group4 is a device group that contains 150 devices.
Since App1 is a Microsoft 365 Apps app, it can only be assigned to users, not devices. Therefore, Group2 and Group4 are not valid objects for app assignment. Admin1 is also not a valid object for app assignment, because individual user accounts can only be used for testing purposes, not for production deployment.
Therefore, the only valid objects for app assignment are Group1 and Group3, which are user groups.
NEW QUESTION # 154
You have a Microsoft 365 E5 subscription and use Microsoft Intune.
You need to use a Sync bulk device action on all corporate-owned Windows devices.
What is the maximum number of devices you can include the action?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
Answer: D
NEW QUESTION # 155
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices.
You need to review the startup times and restart frequencies of the devices. What should you use?
- A. Microsoft Defender for Endpoint
- B. Endpoint analytics
- C. Azure Monitor
- D. intune Data Warehouse
Answer: B
Explanation:
Endpoint analytics is a feature of Microsoft Intune that provides insights into the performance and health of devices. You can use endpoint analytics to review the startup times and restart frequencies of the devices, as well as other metrics such as sign-in times, battery life, app reliability, and software inventory.References:https://docs.microsoft.com/en-us/mem/analytics/overview
NEW QUESTION # 156
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
All the devices are enrolled in Microsoft Intune and have Microsoft 365 Apps for enterprise installed On which devices can you use the Cloud Policy service for Microsoft 365 to manage Microsoft 365 Apps for enterprise?
- A. Device1, Device2. Device3. and Device4
- B. Device1 and Device2 only
- C. Device1, Device2, and Device3 only
- D. Device2 only
- E. Device1, Device2, and Device4 only
Answer: B
NEW QUESTION # 157
You have a Microsoft 365 tenant that uses Microsoft Intune and contains the devices shown in the following table.
In Microsoft Intune Endpoint security, you need to configure a disk encryption policy for each device.
Which encryption type should you use for each device, and which role-based access control (RBAQ role in Intune should you use to manage the encryption keys? To answer, select the appropriate options m the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 158
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to ensure that only devices running trusted firmware or operating system build can access network resources.
Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 159
......
Feel Microsoft MD-102 Dumps PDF Will likely be The best Option: https://www.examstorrent.com/MD-102-exam-dumps-torrent.html
MD-102 exam torrent Microsoft study guide: https://drive.google.com/open?id=1t0Edc70AQjSv87m8-h_l-_5cztUvUpTc