Microsoft

MD-101

Managing Modern
Desktops
Version: 22.0

[ Total Questions: 187]

Web: www.dumpspedia.com

Email: [email protected]
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at [email protected]

Support
If you have any questions about our product, please provide the following items:

exam code
screenshot of the question
login id/email

please contact us at [email protected] and our technical experts will provide support within 24 hours.

Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Braindumps Questions Microsoft - MD-101

Exam Topic Breakdown

Exam Topic Number of Questions
Topic 1 : Litware inc 9
Topic 2 : Contoso Ltd 11
Topic 3 : Misc. Questions 167
TOTAL 187

100% Success with DumpsPedia.com 1 of 235

Braindumps Questions Microsoft - MD-101

Topic 1, Litware inc

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.

To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to
explore the content of the case study before you answer the questions. Clicking these buttons displays
information such as business requirements, existing environment, and problem statements. When you are
ready to answer a question, click the Question button to return to the question.

Existing Environment

Current Business Model

The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11:00 to 22:00.
Litware has a Microsoft System Center 2012 R2 Configuration Manager deployment. During discovery, the
company discovers a process where users are emailing bank account information of its customers to internal
and external recipients.

Current Environment

The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD). The functional level of the forest and the domain is Windows Server 2012 R2. All domain controllers
run Windows Server 2012 R2.

Litware has the computers shown in the following table.

100% Success with DumpsPedia.com 2 of 235

Braindumps Questions Microsoft - MD-101

The development department uses projects in Azure DevOps to build applications.

Most of the employees in the sales department are contractors. Each contractor is assigned a computer that
runs Windows 10. At the end of each contract, the computer is assigned to different contractor. Currently, the
computers are re-provisioned manually by the IT department.

Problem Statements

Litware identifies the following issues on the network:

Employees in the Los Angeles office report slow Internet performance when updates are downloading.
The employees also report that the updates frequently consume considerable resources when they are
installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates
button.)

Management suspects that the source code for the proprietary applications in Azure DevOps in being
shared externally.

Re-provisioning the sales department computers is too time consuming.

Requirements

Business Goals

Litware plans to transition to co-management for all the company-owned Windows 10 computers. Whenever
possible, Litware wants to minimize hardware and software costs.

Device Management Requirements

Litware identifies the following device management requirements:

Prevent the sales department employees from forwarding email that contains bank account information.

Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.

Prevent employees in the research department from copying patented information from trusted
applications to untrusted applications.

100% Success with DumpsPedia.com 3 of 235

Braindumps Questions Microsoft - MD-101

Technical Requirements

Litware identifies the following technical requirements for the planned deployment:

Re-provision the sales department computers by using Windows AutoPilot.

Ensure that the projects in Azure DevOps can be accessed from the corporate network only.

Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire
every 30 days.

Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using
Windows AutoPilot.

Exhibits

100% Success with DumpsPedia.com 4 of 235

Braindumps Questions Microsoft - MD-101

Question #:1 - (Exam Topic 1)

You need to recommend a solution to meet the device management requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 5 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Reference:

https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/app-protection-policy.md

100% Success with DumpsPedia.com 6 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-option-for-email

Question #:2 - (Exam Topic 1)

You need to capture the required information for the sales department computers to meet the technical

requirements.

Which Windows PowerShell command should you run first?

A. Install-Module WindowsAutoPilotIntune

B. Install-Script Get-WindowsAutoPilotInfo

C. Import-AutoPilotCSV

D. Get-WindowsAutoPilotInfo

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/existing-devices

"This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Windows 10
devices joined to either Azure Active Directory or Active Directory (Hybrid Azure AD Join) by using
Windows Autopilot"

Question #:3 - (Exam Topic 1)

What should you use to meet the technical requirements for Azure DevOps?

A. An app protection policy

B. Windows Information Protection (WIP)

C. Conditional access

D. A device configuration profile

Answer: C

Explanation
References:

100% Success with DumpsPedia.com 7 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/manage-conditional-access?

view=azure-devops

Question #:4 - (Exam Topic 1)

What should you upgrade before you can configure the environment to support co-management?

A. the domain functional level

B. Configuration Manager

C. the domain controllers

D. Windows Server Update Services (WSUS)

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/sccm/comanage/tutorial-co-manage-clients

Question #:5 - (Exam Topic 1)

You need to resolve the performance issues in the Los Angeles office.

How should you configure the update settings? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 8 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 9 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization

https://2pintsoftware.com/delivery-optimization-dl-mode/

Question #:6 - (Exam Topic 1)

What should you configure to meet the technical requirements for the Azure AD-joined computers?

A. Windows Hello for Business from the Microsoft Intune blade in the Azure portal.

B. The Accounts options in an endpoint protection profile.

C. The Password Policy settings in a Group Policy object (GPO).

D. A password policy from the Microsoft Office 365 portal.

Answer: A

Explanation
References:

100% Success with DumpsPedia.com 10 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-manage-inorganization

Question #:7 - (Exam Topic 1)

You need to meet the device management requirements for the developers.

What should you implement?

A. folder redirection

B. Enterprise State Roaming

C. home folders

D. known folder redirection in Microsoft OneDrive

Answer: B

Explanation
Litware identifies the following device management requirements:

Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.

Enterprise State Roaming allows for the synchronization of Microsoft Edge browser setting, including
favorites and reading list, across devices.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settings-reference

Question #:8 - (Exam Topic 1)

You need to meet the OOBE requirements for Windows AutoPilot.

Which two settings should you configure from the Azure Active Directory blade? To answer, select the
appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 11 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 12 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

100% Success with DumpsPedia.com 13 of 235

Braindumps Questions Microsoft - MD-101

https://blogs.msdn.microsoft.com/sgern/2018/10/11/intune-intune-and-autopilot-part-3-preparing-your-environment/

https://blogs.msdn.microsoft.com/sgern/2018/11/27/intune-intune-and-autopilot-part-4-enroll-your-first-device/

Question #:9 - (Exam Topic 1)

You need to meet the technical requirements for Windows AutoPilot.

Which two settings should you configure from the Azure Active Directory blade? To answer, select the
appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 14 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 15 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset

100% Success with DumpsPedia.com 16 of 235

Braindumps Questions Microsoft - MD-101

Topic 2, Contoso Ltd

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.

To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to
explore the content of the case study before you answer the questions. Clicking these buttons displays
information such as business requirements, existing environment, and problem statements. When you are
ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and
New York.

Contoso has the users and computers shown in the following table.

The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.

Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.

The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work
from home.

Existing Environment

The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure

100% Success with DumpsPedia.com 17 of 235

Braindumps Questions Microsoft - MD-101

Active Directory (Azure AD).

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10
Enterprise.

The computers are managed by using Microsoft System Center Configuration Manager. The mobile devices
are managed by using Microsoft Intune.

The naming convention for the computers is the department acronym, followed by a hyphen, and then four
numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.

Each department has an organization unit (OU) that contains a child OU named Computers. Each computer
account is in the Computers OU of its respective department.

Intune Configuration

100% Success with DumpsPedia.com 18 of 235

Braindumps Questions Microsoft - MD-101

Requirements

Planned Changes

Contoso plans to implement the following changes:

Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro
preinstalled and were purchased already.

100% Success with DumpsPedia.com 19 of 235

Braindumps Questions Microsoft - MD-101

Start using a free Microsoft Store for Business app named App1.

Implement co-management for the computers.

Technical Requirements:

Contoso must meet the following technical requirements:

Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from
devices that are enrolled in Intune.

Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows
Autopilot.

Monitor the computers in the LEG department by using Windows Analytics.

Create a provisioning package for new computers in the HR department.

Block iOS devices from sending diagnostic and usage telemetry data.

Use the principle of least privilege whenever possible.

Enable the users in the MKG department to use App1.

Pilot co-management for the IT department.

Question #:1 - (Exam Topic 2)

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

A. Extract the hardware ID information of each computer to a CSV file and upload the file from the
Devices settings in Microsoft Store for Business.

B. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure Active

Directory blade in the Azure portal.

C. Generalize the computers and configure the Device settings from the Azure Active Directory blade in
the Azure portal.

D. Extract the hardware ID information of each computer to an XLSX file and upload the file from the
Devices settings in Microsoft Store for Business.

Answer: A

Explanation
References:

100% Success with DumpsPedia.com 20 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles

Question #:2 - (Exam Topic 2)

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

A. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure Active
Directory admin center.

B. Extract the hardware ID information of each computer to a CSV file and upload the file from the
Microsoft Intune blade in the Azure portal.

C. Extract the hardware ID information of each computer to an XML file and upload the file from the
Devices settings in Microsoft Store for Business.

D. Extract the serial number information of each computer to a CSV file and upload the file from the
Microsoft Intune blade in the Azure portal.

Answer: A

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/existing-devices

Question #:3 - (Exam Topic 2)

To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 21 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 22 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 23 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/device-profile-assign

Question #:4 - (Exam Topic 2)

You need to meet the technical requirements for the LEG department computers.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.

100% Success with DumpsPedia.com 24 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 25 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-azure-portal

Question #:5 - (Exam Topic 2)

What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the
appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 26 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Question #:6 - (Exam Topic 2)

You need to meet the technical requirements for the new HR department computers.

How should you configure the provisioning package? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 27 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 28 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-accounts

Question #:7 - (Exam Topic 2)

You need to meet the requirements for the MKG department users.

What should you do?

A. Assign the MKG department users the Purchaser role in Microsoft Store for Business

B. Download the APPX file for App1 from Microsoft Store for Business

C. Add App1 to the private store

D. Assign the MKG department users the Basic Purchaser role in Microsoft Store for Business

E. Acquire App1 from Microsoft Store for Business

Answer: E

Explanation
References:

https://docs.microsoft.com/en-us/microsoft-store/distribute-apps-from-your-private-store

100% Success with DumpsPedia.com 29 of 235

Braindumps Questions Microsoft - MD-101

Question #:8 - (Exam Topic 2)

You are evaluating which devices are compliant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 30 of 235

Braindumps Questions Microsoft - MD-101

Question #:9 - (Exam Topic 2)

You need to meet the technical requirements for the iOS devices.

Which object should you create in Intune?

A. A compliance policy

B. An app protection policy

C. A Deployment profile

D. A device profile

Answer: D

Explanation
References:

https://docs.microsoft.com/en-us/intune/device-restrictions-configure

https://docs.microsoft.com/en-us/intune/device-restrictions-ios

Question #:10 - (Exam Topic 2)

You need to meet the technical requirements for the IT department.

What should you do first?

A. From the Azure Active Directory blade in the Azure portal, enable Seamless single sign-on.

B. From the Configuration Manager console, add an Intune subscription.

C.

100% Success with DumpsPedia.com 31 of 235

Braindumps Questions Microsoft - MD-101

C. From the Azure Active Directory blade in the Azure portal, configure the Mobility (MDM and MAM)
settings.

D. From the Microsoft Intune blade in the Azure portal, configure the Windows enrollment settings.

Answer: C

Reference:

https://docs.microsoft.com/en-us/sccm/comanage/tutorial-co-manage-clients

Question #:11 - (Exam Topic 2)

You need a new conditional access policy that has an assignment for Office 365 Exchange Online.

You need to configure the policy to meet the technical requirements for Group4.

Which two settings should you configure in the policy? To answer, select the appropriate settings in the
answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 32 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 33 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 34 of 235

Braindumps Questions Microsoft - MD-101

The policy needs to be applied to Group4 so we need to configure Users and Groups.

The Access controls are set to Block access

We therefore need to exclude compliant devices.

From the scenario:

Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from
devices that are enrolled in Intune.

Note: When a device enrolls in Intune, the device information is updated in Azure AD to include the device
compliance status. This compliance status is used by conditional access policies to block or allow access to
e-mail and other organization resources.

References:

100% Success with DumpsPedia.com 35 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions

https://docs.microsoft.com/en-us/intune/device-compliance-get-started

100% Success with DumpsPedia.com 36 of 235

Braindumps Questions Microsoft - MD-101

Topic 3, Misc. Questions

Question #:1 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows Update for Business.

The research department has several computers that have specialized hardware and software installed.

You need to prevent the video drivers from being updated automatically by using Windows Update.

Solution: From the Settings app, you clear the Give me updates for other Microsoft products when I

update Windows check box.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
References:

https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000

Question #:2 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

You save a provisioning package named Package1 to a folder named C:\Folder1.

100% Success with DumpsPedia.com 37 of 235

Braindumps Questions Microsoft - MD-101

You need to apply Package1 to Computer1.

Solution: From File Explorer, you go to C:\Folder1, and then you double-click the Package1.ppkg file.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove
a provisioning package > Add a package, and select the package to install.

Reference:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package

Question #:3 - (Exam Topic 3)

You have 100 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You need to configure the following device restrictions:

Block users from browsing to suspicious websites.

Scan all scripts loaded into Microsoft Edge.

Which two settings should you configure in Device restrictions? To answer, select the appropriate settings in
the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 38 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 39 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 40 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-smartscreen/windows-defender

Question #:4 - (Exam Topic 3)

: 160 HOTSPOT

Your company uses Microsoft System Center Configuration Manager (Current Branch) and purchases 365
subscription.

You need to set up Desktop Analytics for Configuration Manager.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 41 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 42 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/connect-configmgr

Question #:5 - (Exam Topic 3)

You have a Microsoft 365 subscription.

Users have iOS devices that are not enrolled in Microsoft 365 Device Management.

You create an app protection policy for the Microsoft Outlook app as shown in the exhibit. (Click the Exhibit
tab.)

100% Success with DumpsPedia.com 43 of 235

Braindumps Questions Microsoft - MD-101

You need to configure the policy to meet the following requirements:

Prevent the users from using the Outlook app if the operating system version is less than 12.0.0.

Require the users to use an alphanumeric passcode to access the Outlook app.

What should you configure in an app protection policy for each requirement? To answer, select the appropriate
options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 44 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 45 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios

Question #:6 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows AutoPilot to configure the computer settings of computers issued to users.

A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.

You plan to transfer the computer to a user named User2.

You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting
and to agree to the license agreement.

Solution: You create a new Windows AutoPilot user-driven deployment profile.

Does this meet the goal?

A. Yes

B. No

100% Success with DumpsPedia.com 46 of 235

Braindumps Questions Microsoft - MD-101

Answer: A

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/user-driven

Question #:7 - (Exam Topic 3)

You have a computer named Computer5 that has Windows 10 installed.

You create a Windows PowerShell script named config.ps1.

You need to ensure that config.ps1 runs after feature updates are installed on Computer5.

Which file should you modify on Computer5?

A. Unattend.xml

B. Unattend.bat

C. SetupConfig.ini

D. LiteTouch.wsf

Answer: C

Explanation
References:

https://www.joseespitia.com/2017/06/01/how-to-run-a-post-script-after-a-windows-10-feature-upgrade/

Question #:8 - (Exam Topic 3)

Your company uses Windows Defender Advanced Threat Protection (Windows Defender ATP). Windows
Defender ATP includes the machine groups shown in the following table.

100% Success with DumpsPedia.com 47 of 235

Braindumps Questions Microsoft - MD-101

You onboard a computer to Windows Defender ATP as shown in the following exhibit.

What is the effect of the Windows Defender ATP configuration? To answer, select the appropriate options in
the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 48 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Question #:9 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You redirect Windows known folders to Microsoft OneDrive for Business.

Which folder will be included in the redirection?

A. Saved Games

B. Documents

C.

100% Success with DumpsPedia.com 49 of 235

Braindumps Questions Microsoft - MD-101

C. Music

D. Downloads

Answer: B

Reference:

https://docs.microsoft.com/en-us/onedrive/redirect-known-folders

Question #:10 - (Exam Topic 3)

You use Microsoft Intune to manage Windows updates.

You have computers that run Windows 10. The computers are in a workgroup and are enrolled in Intune. The
computers are configured as shown in the following table.

On each computer, the Select when Quality Updates are received Group Policy setting is configured as shown
in the following table.

You have Windows 10 update rings in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 50 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Question #:11 - (Exam Topic 3)

You have devices enrolled in Microsoft Intune as shown in the following table.

100% Success with DumpsPedia.com 51 of 235

Braindumps Questions Microsoft - MD-101

On which devices can you apply app configuration policies?

A. Create an Azure Active Directory group that contains all users.

B. From the Intune portal, create a Microsoft Store app for the Remote Desktop modern app.

C. From the Intune portal assign the app to the Azure Active Directory group.

D. Create an Azure Active Directory group that contains the Windows 10 devices.

E. From the Microsoft Store for Business portal, assign a license for the app to all the users in the Azure
Active Directory group.

F. For your organization, make the app available in the Microsoft Store for Business.

Answer: B C D

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add

https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy

https://docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business

Question #:12 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You need to ensure that feature and quality updates install automatically during a maintenance window.

Solution: From the Windows Update settings, you enable Configure Automatic Updates, select 3 – Auto

100% Success with DumpsPedia.com 52 of 235

Braindumps Questions Microsoft - MD-101

download and notify for Install, and then enter a time.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

Question #:13 - (Exam Topic 3)

You use the Antimalware Assessment solution in Microsoft Azure Log Analytics.

From the Protection Status dashboard, you discover the computers shown in the following table.

You verify that both computers are connected to the network and running.

What is a possible cause of the issue on each computer? To answer, drag the appropriate causes to the correct
computers. Each cause may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 53 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 54 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/ga-ie/azure/security-center/security-center-install-endpoint-protection

Question #:14 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You plan to replace the computers with new computers that run Windows 10. The new computers will be

joined to Azure AD.

You need to ensure that the desktop background, the favorites, and the browsing history are available on the
new computers.

Solution: You configure Enterprise State Roaming.

Does this meet the goal?

A. Yes

B. No

Answer: A

Explanation

100% Success with DumpsPedia.com 55 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settingsreference

Question #:15 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You need to ensure that feature and quality updates install automatically during a maintenance window.

Solution: From the Maintenance Scheduler settings, you configure Automatic Maintenance Activation

Boundary.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

Question #:16 - (Exam Topic 3)

You have 500 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You plan to distribute certificates to the computers by using Simple Certificate Enrollment Protocol (SCEP).

You have the servers shown in the following table.

100% Success with DumpsPedia.com 56 of 235

Braindumps Questions Microsoft - MD-101

NDES issues certificates from the subordinate CA.

You are configuring a device profile as shown in the exhibit. (Click the Exhibit tab.)

You need to complete the SCEP profile.

A. Server1

B. Server2

C. Server3

D.

100% Success with DumpsPedia.com 57 of 235

Braindumps Questions Microsoft - MD-101

D. Server4

Answer: D

Question #:17 - (Exam Topic 3)

You have computers that run Windows 10 and are configured by using Windows AutoPilot.

A user performs the following tasks on a computer named Computer1:

Creates a VPN connection to the corporate network

Installs a Microsoft Store app named App1

Connects to a Wi-Fi network

You perform a Windows AutoPilot Reset on Computer1.

What will be the state of the computer when the user signs in? To answer, select the appropriate options in the
answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 58 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 59 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset

Question #:18 - (Exam Topic 3)

You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in
the following table.

Windows 10 update rings are defined in Intune as shown in the following table.

You assign the update rings as shown in the following table.

What is the effect of the configurations on Computer1 and Computer2? To answer, select the appropriate
options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 60 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 61 of 235

Braindumps Questions Microsoft - MD-101

Computer1 and Computer2 are members of Group1. Ring1 is applied to Group1.

Note: The term "Exclude" is misleading. It means that the ring is not applied to that group, rather than that
group being blocked.

References:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-wufb-intune

https://allthingscloud.blog/configure-windows-update-business-using-microsoft-intune/

Question #:19 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows AutoPilot to configure the computer settings of computers issued to users.

A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.

You plan to transfer the computer to a user named User2.

100% Success with DumpsPedia.com 62 of 235

Braindumps Questions Microsoft - MD-101

You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting
and to agree to the license agreement.

Solution: You create a new Windows AutoPilot self-deploying deployment profile.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying

Question #:20 - (Exam Topic 3)

You have a computer named Computer1 that runs Windows 8.1.

You plan to perform an in-place upgrade of Computer1 to Windows 10 by using an answer file.

You need to identify which tool to use to create the answer file.

What should you identify?

A. System Configuration (Msconfig.exe)

B. Windows Configuration Designer

C. Windows System Image Manager (Windows SIM)

D. Windows Deployment Services (WDS)

Answer: C

Reference:

https://thesleepyadmins.com/2019/05/31/create-windows-10-answer-file/

Question #:21 - (Exam Topic 3)

Your company has an infrastructure that has the following:

A Microsoft 365 tenant

100% Success with DumpsPedia.com 63 of 235

Braindumps Questions Microsoft - MD-101

An Active Directory forest

Microsoft Store for Business

A Key Management Service (KMS) server

A Windows Deployment Services (WDS) server

A Microsoft Azure Active Directory (Azure AD) Premium tenant

The company purchases 100 new computers that run Windows 10.

You need to ensure that the new computers are joined automatically to Azure AD by using Windows
AutoPilot.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 64 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/intune/enrollment-autopilot

Question #:22 - (Exam Topic 3)

Your company uses Microsoft Intune to manage devices. You need to ensure that only Android devices that
use Android work profiles can enroll in Intune.

100% Success with DumpsPedia.com 65 of 235

Braindumps Questions Microsoft - MD-101

Which two configurations should you perform in the device enrollment restrictions? Each correct answer

presents part of the solution.

NOTE: each correct selection is worth one point.

A. From Select platforms, set Android work profile to Allow.

B. From Configure platforms, set Android Personally Owned to Block.

C. From Configure platforms, set Android Personally Owned to Allow.

D. From Select platforms, set Android to Block.

Answer: A D

Explanation
https://docs.microsoft.com/en-us/InTune/enrollment-restrictions-set

Question #:23 - (Exam Topic 3)

Your company uses Microsoft Intune. You have a Microsoft Store for Business account.

You need to ensure that you can deploy Microsoft Store for Business apps by using Intune.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.

100% Success with DumpsPedia.com 66 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 67 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 68 of 235

Braindumps Questions Microsoft - MD-101

Question #:24 - (Exam Topic 3)

Your company uses Microsoft Intune.

More than 500 Android and iOS devices are enrolled in the Intune tenant.

You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or
iOS installed on the device.

You need to ensure that the policies can target the devices based on their version of Android or iOS.

What should you configure first?

A. Corporate device identifiers in Intune

B. Device settings in Microsoft Azure Active Directory (Azure AD)

C. Device categories in Intune

D. Groups that have dynamic membership rules in Microsoft Azure Active Directory (Azure AD)

Answer: D

Explanation
https://blogs.technet.microsoft.com/pauljones/2017/08/29/dynamic-group-membership-in-azure-active-directory-part-2/

Question #:25 - (Exam Topic 3)

100% Success with DumpsPedia.com 69 of 235

Braindumps Questions Microsoft - MD-101

You have a shared computer that runs Windows 10.

The computer is infected with a virus.

You discover that a malicious TTF font was used to compromise the computer.

You need to prevent this type of threat from affecting the computer in the future.

What should you use?

A. Windows Defender Exploit Guard

B. Windows Defender Application Guard

C. Windows Defender Credential Guard

D. Windows Defender System Guard

E. Windows Defender SmartScreen

Answer: A

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windowsdefende

Question #:26 - (Exam Topic 3)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD). All computers are joined to the domain and registered to Azure AD.

The network contains a Microsoft System Center Configuration Manager (Current Batch) deployment that is
configured for co-management with Microsoft Intune.

All the computers in the finance department are managed by using Configuration Manager. All the computers
in the marketing department are managed by using Intune.

You install new computers for the users in the marketing department by using the Microsoft Deployment
Toolkit (MDT).

You purchase an application named App1 that uses an MSI package.

You need to install App1 on the finance department computers and the marketing department computers.

How should you deploy App1 to each department? To answer, drag the appropriate deployment methods to the
correct departments. Each deployment method may be used once, more than once, or not at all. You may need
to drag the split bat between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 70 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 71 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/intune/apps-add

https://docs.microsoft.com/en-us/sccm/apps/get-started/create-and-deploy-an-application

Question #:27 - (Exam Topic 3)

100% Success with DumpsPedia.com 72 of 235

Braindumps Questions Microsoft - MD-101

Your company has a System Center Configuration Manager deployment that uses hybrid mobile device

management (MDM). All Windows 10 devices are Active Directory domain-joined.

You plan to migrate from hybrid MDM to Microsoft Intune standalone.

You successfully run the Intune Data Importer tool.

You need to complete the migration.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. In Intune, add a device enrollment manager (DEM).

B. Change the tenant MDM authority to Intune.

C. Assign all users Intune licenses.

D. Create a new Intune tenant.

Answer: B C

Explanation
References:

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-hybridmdm-to-intunesa

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-prepare-intune

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/change-mdm-authority

Question #:28 - (Exam Topic 3)

Your network contains an Active Directory domain. The domain contains 10 computers that run Windows 8.1
and use local user profiles.

You deploy 10 new computers that run Windows 10 and join the computers to the domain.

You need to migrate the user profiles from the Windows 8.1 computers to the Windows 10 computers.

What should you do?

A. From the Windows 8.1 computer of each user, run imagex.exe/capture, and then from the Windows 10
computer of each user, run imagex.exe/apply.

B. Configure roaming user profiles for the users. Instruct the users to first sign in to and out of their
Windows 8.1 computer and then to sign in to their Windows 10 computer.

100% Success with DumpsPedia.com 73 of 235

Braindumps Questions Microsoft - MD-101

C. From the Windows 8.1 computer of each user, run scanstate.exe, and then from the Windows 10
computer of each user, run loadstate.exe.

D. Configure Folder Redirection for the users. Instruct the users to first sign in to and out of their Windows
8.1 computer, and then to sign in to their Windows 10 computer.

Answer: C

Explanation
The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source
computer, collect the files and settings, and create a store.

Reference:

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-loadstate-syntax

Question #:29 - (Exam Topic 3)

Your company has a Microsoft 365 subscription.

All the users in the finance department own personal devices that run iOS or Android. All the devices are

enrolled in Microsoft Intune.

The finance department adds new users each month.

The company develops a mobile application named App1 for the finance department users.

You need to ensure that only the finance department users can download App1.

What should you do first?

A. Add App1 to Intune.

B. Add App1 to a Microsoft Deployment Toolkit (MDT) deployment share.

C. Add App1 to Microsoft Store for Business.

D. Add App1 to the vendor stores for iOS and Android applications.

Answer: A

Reference:

https://docs.microsoft.com/en-us/intune/apps-add

100% Success with DumpsPedia.com 74 of 235

Braindumps Questions Microsoft - MD-101

Question #:30 - (Exam Topic 3)

You have a Microsoft Intune subscription.

You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 75 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 76 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/user-driven#:~:text=Windows%20Autopilot

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/white-glove

Question #:31 - (Exam Topic 3)

Your network contains an Active Directory forest. The forest contains a single domain and three sites named
Site1, Site2, and Site3. Each site is associated to two subnets. Site1 contains two subnets named SubnetA and
SubnetB.

All the client computers in the forest run Windows 10. Delivery Optimization is enabled.

You have a computer named Computer1 that is in SubnetA.

From which hosts will Computer1 download updates?

A. the computers in Site1 only

B. any computer in the domain

C. the computers in SubnetA only

D. any computer on the network

Answer: C

Explanation
Delivery Optimization allows updates from other clients that connect to the Internet using the same public IP
as the target client (NAT).

100% Success with DumpsPedia.com 77 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization

Question #:32 - (Exam Topic 3)

In Microsoft Intune, you have the device compliance policies shown in the following table.

The Intune compliance policy settings are configured as shown in the following exhibit.

On June 1, you enroll Windows 10 devices in Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 78 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance

Question #:33 - (Exam Topic 3)

Your

company has an internal portal that uses a URL of http://contoso.com.

The network contains computers that run Windows 10. The default browser on all the computers is Microsoft

100% Success with DumpsPedia.com 79 of 235

Braindumps Questions Microsoft - MD-101

Edge.

You need to ensure that all users only use Internet Explorer to connect to the internal portal. The solution must

ensure that Microsoft Edge can be used to connect to all other websites.

What should you do from each computer?

A. From Internet Explorer, configure the Compatibility View settings

B. From the local policy, configure Enterprise Mode

C. From Microsoft Edge, configure the Advanced Site Settings

D. From the Settings app, configure the default web browser settings

Answer: B

Reference:

https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility

Question #:34 - (Exam Topic 3)

You have the 64-bit computers shown in the following table.

100% Success with DumpsPedia.com 80 of 235

Braindumps Questions Microsoft - MD-101

You plan to perform an in-place upgrade to the 64-bit version of Windows 10.

Which computers can you upgrade to the 64-bit version of Windows 10 in their current state?

A. Computer2 and Computer4 only

B. Computer4 only

C. Computer3 and Computer4 only

D. Computer1, Computer2, Computer3 and Computer4

E. Computer2, Computer3, and Computer4 only

Answer: A

Explanation
References:

https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios

Question #:35 - (Exam Topic 3)

You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant.

100% Success with DumpsPedia.com 81 of 235

Braindumps Questions Microsoft - MD-101

You configure a Windows Autopilot deployment profile as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 82 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 83 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/intune/enrollment-autopilot

Question #:36 - (Exam Topic 3)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant.

The company has a Volume Licensing Agreement and uses a product key to activate Windows 10.

You plan to deploy Windows 10 Pro to 200 new computers by using the Microsoft Deployment Toolkit
(MDT) and Windows Deployment Services (WDS).

You need to ensure that the new computers will be configured to have the correct product key during the

installation.

What should you configure?

A. a WDS boot image

B. an MDT task sequence

C. the Device settings in Azure AD

D. a Windows AutoPilot deployment profile

Answer: A

Explanation
References:

100% Success with DumpsPedia.com 84 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-imageusing-mdt#a-

Question #:37 - (Exam Topic 3)

Your network contains an Active Directory domain. The domain contains 1,200 computers that run Windows
8.1.

You deploy an Upgrade Readiness solution in Microsoft Azure and configure the computers to report to
Upgrade Readiness.

From Upgrade Readiness, you open a table view of the applications.

You need to filter the view to show only applications that can run successfully on Windows 10.

How should you configure the filter in Upgrade Readiness? To answer, select the appropriate options in the
answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 85 of 235

Braindumps Questions Microsoft - MD-101

Explanation

References:

https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-resolve-issues

Question #:38 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(AD) and enrolled in Microsoft Intune.

You need to enable self-service password reset on the sign-in screen.

Which settings should you configure from the Microsoft Intune blade?

A. Device configuration

B.

100% Success with DumpsPedia.com 86 of 235

Braindumps Questions Microsoft - MD-101

B. Device compliance

C. Device enrollment

D. Conditional access

Answer: A

Explanation
References:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

Question #:39 - (Exam Topic 3)

Your company has several Windows 10 devices that are enrolled in Microsoft Inline.

You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.

You need to enroll Computer1 in Intune.

Solution: You install the Company Portal app on Computer1 and use the Devices tab from the app.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
Use MDM enrolment.

MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory
joined PC into Intune. Users enroll from Settings on the existing Windows PC.

Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

Question #:40 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You need to configure access to Microsoft Office 365 for unmanaged devices. The solution must meet the
following requirements:

100% Success with DumpsPedia.com 87 of 235

Braindumps Questions Microsoft - MD-101

Allow only the Microsoft Intune Managed Browser to access Office 365 web interfaces.

Ensure that when users use the Intune Managed Browser to access Office 365 web interfaces, they can
only copy data to applications that are managed by the company.

Which two settings should you configure from the Microsoft Intune blade? To answer, select the appropriate
settings in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 88 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 89 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 90 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser#application-protection-policies-for-protec

Question #:41 - (Exam Topic 3)

You have a Microsoft Azure Log Analytics workplace that collects all the event logs from the computers at
your company.

You have a computer named Computer1 than runs Windows 10. You need to view the events collected from
Computer1.

Which query should you run in Log Analytics?

A. Event

| where Computer = = "Computer1"

B. ETWEvent

100% Success with DumpsPedia.com 91 of 235

Braindumps Questions Microsoft - MD-101
B.

| where SourceSystem = = "Computer1"

C. ETWEvent

| where Computer = = "Computer1"

D. Event

| where SourceSystem = = "Computer1"

Answer: A

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

Question #:42 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You need to set a custom image as the wallpaper and sign-in screen.

Which two settings should you configure in Device restrictions? To answer, select the appropriate settings in
the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 92 of 235

Braindumps Questions Microsoft - MD-101

100% Success with DumpsPedia.com 93 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 94 of 235

Braindumps Questions Microsoft - MD-101

100% Success with DumpsPedia.com 95 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Sign-in screen, or Locked screen, image is set under Locked screen experience

Wallpaper image, or Desktop background picture, URL is set under Personalization.

References:

https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10

Question #:43 - (Exam Topic 3)

100% Success with DumpsPedia.com 96 of 235

Braindumps Questions Microsoft - MD-101

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory
(Azure AD).

Existing on-premises computers are managed by using Microsoft System Center Configuration Manager
(Current Branch). You configure contoso.com for co-management.

You deploy 100 new devices that run Windows 10. The devices are joined to Azure AD and enrolled in
Microsoft Intune.

You need to ensure that the devices are co-managed.

What should you create in Intune first?

A. a conditional access policy

B. a device compliance policy

C. an app for the Configuration Manager client

D. a device configuration profile

E. an app configuration policy

Answer: C

Explanation
For new internet-based devices, you need to create an app in Intune. Deploy this app to Windows 10 devices
that aren't already Configuration Manager clients. This scenario is when you have new Windows 10 devices
that join Azure AD and automatically enroll to Intune. You install the Configuration Manager client to reach a
co-management state.

References:

https://docs.microsoft.com/en-us/configmgr/comanage/how-to-prepare-win10

Question #:44 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several
Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

100% Success with DumpsPedia.com 97 of 235

Braindumps Questions Microsoft - MD-101

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.

Solution: From the Azure Active Directory admin center, you configure automatic mobile device management
(MDM) enrollment. From the Device Management admin center, you create and assign a device restrictions
profile.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management
(MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for
Business enrollment options.

References:

https://docs.microsoft.com/en-us/intune/protect/windows-hello

Question #:45 - (Exam Topic 3)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD). The domain contains 500 laptops that run Windows 8.1 Professional. The users of the laptops work from
home.

Your company uses Microsoft Intune, the Microsoft Deployment Toolkit (MDT), and Windows Configuration
Designer to manage client computers.

The company purchases 500 licenses for Windows 10 Enterprise.

You verify that the hardware and applications on the laptops are compatible with Windows 10.

The users will bring their laptop to the office, where the IT department will deploy Windows 10 to the laptops
while the users wait.

You need to recommend a deployment method for the laptops that will retain their installed applications. The
solution must minimize how long it takes to perform the deployment.

What should you include in the recommendation?

A. an in-place upgrade

B. a clean installation by using a Windows Configuration Designer provisioning package

C.

100% Success with DumpsPedia.com 98 of 235

Braindumps Questions Microsoft - MD-101

C. Windows AutoPilot

D. a clean installation and the User State Migration Tool (USMT)

Answer: A

Explanation
References:

https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios#in-place-upgrade

Question #:46 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com.

You create a provisioning package named Package1 as shown in the following exhibit.

100% Success with DumpsPedia.com 99 of 235

Braindumps Questions Microsoft - MD-101

What is the maximum number of devices on which you can run Package1 successfully?

A. 1

B. 10

C. 25

D. unlimited

Answer: D

Question #:47 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You create a terms of use (ToU) named Terms1 in contoso.com.

You are creating a conditional access policy named Policy1 to assign a cloud app named App1 to the users in
contoso.com.

You need to configure Policy1 to require the users to accept Terms1.

What should you configure in Policy1?

A. Grant in the Access controls section

B. Conditions in the Assignments section

C. Cloud apps or actions in the Assignments section

D. Session in the Access controls section

Answer: A

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-tou

Question #:48 - (Exam Topic 3)

You have an Azure Active Directory group named Group1. Group1 contains two Windows 10 Enterprise
devices named Device1 and Device2.

You create a device configuration profile named Profile1. You assign Profile1 to Group1. You need to ensure
that Profile1 applies to Device1 only. What should you modify in Policy1?

A.

100% Success with DumpsPedia.com 100 of 235

Braindumps Questions Microsoft - MD-101

A. Assignments

B. Applicability Rules

C. Settings

D. Scope (Tags)

Answer: A

Reference:

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-assign

Question #:49 - (Exam Topic 3)

Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure
Active Directory (Azure AD).

You have the Windows 10 devices shown in the following table.

You need to ensure that you can use co-management to manage all the Windows 10 devices.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Join Device 1, Device2, and Device4 to Azure AD.

B. Unjoin Device3, Device5, and Device6 from Azure AD, and then register the devices in Azure AD.

C. Enroll Device4 and Device5 in Intune.

D. Join Device2, Device3, and Device5 to the domain.

E. Install the Endpoint Configuration Manager agent on Device1 and Device3.

Answer: C E

100% Success with DumpsPedia.com 101 of 235

Braindumps Questions Microsoft - MD-101

Explanation
Co-management enables you to concurrently manage Windows 10 devices by using both Configuration
Manager and Microsoft Intune.

Co-management requires Configuration Manager version 1710 or later and enrollment in Microsoft Intune.

Windows 10 devices must be hybrid Azure AD joined.

Reference:

https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview

Question #:50 - (Exam Topic 3)

A company named A-Datum Corporation uses Microsoft Endpoint Configuration Manager, Microsoft Intune,
and Desktop Analytics.

A-Datum purchases a company named Contoso, Ltd. Contoso has devices that run the following operating
systems:

Windows 8.1

Windows 10

Android

iOS

A-Datum plans to use Desktop Analytics to monitor the Contoso devices.

You need to identify which devices can be monitored by using Desktop Analytics and how to add the devices
to Desktop Analytics.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 102 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/overview

100% Success with DumpsPedia.com 103 of 235

Braindumps Questions Microsoft - MD-101

Question #:51 - (Exam Topic 3)

Your company plans to deploy tablets to 50 meeting rooms.

The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application

named App1.

You need to configure the tablets so that any user can use App1 without having to sign in. Users must be

prevented from using other applications on the tablets.

Which device configuration profile type should you use?

A. Kiosk

B. Endpoint protection

C. Identity protection

D. Device restrictions

Answer: A

Reference:

https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app

Question #:52 - (Exam Topic 3)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant.

The company uses Microsoft Intune to manage iOS, Android, and Windows 10 devices.

The company plans to purchase 1,000 iOS devices. Each device will be assigned to a specific user.

You need to ensure that the new iOS devices are enrolled automatically in Intune when the assigned user signs
in for the first time.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.

100% Success with DumpsPedia.com 104 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 105 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 106 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/device-enrollment-program-enroll-ios

Question #:53 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to use Windows Autopilot to configure the Windows 10 devices shown in the following table.

Which devices can be configured by using Windows Autopilot self-deploying mode?

A. Device2 and Device3 only

B. Device3 only

C. Device2 only

D. Device 1, Device2, and Device3

Answer: B

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying

100% Success with DumpsPedia.com 107 of 235

Braindumps Questions Microsoft - MD-101

Question #:54 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains two computers
named Computer1 and Computer2. The computers run Windows 10 and are members of a group named
GroupA.

The tenant contains a user named User1 that is a member of a group named Group1.

You need to ensure that if User1 changes the desktop background on Computer1, the new desktop background
will appear when User1 signs in to Computer2.

What should you do?

A. Create a device configuration profile for Windows 10 and configure the Shared multi-user device
settings. Assign the profile to GroupA.

B. From the Azure Active Directory admin center, enable Enterprise State Roaming for Group1.

C. From the Azure Active Directory admin center, enable Enterprise State Roaming for GroupA.

D. Create a device configuration profile for Windows 10 and configure the Shared multi-user device
settings. Assign the profile to Group1.

Answer: C

Question #:55 - (Exam Topic 3)

You have a Microsoft Azure Active Directory (Azure AD) tenant. All corporate devices are enrolled in
Microsoft Intune.

You have a web-based application named App1 that uses Azure AD to authenticate.

You need to prompt all users of App1 to agree to the protection of corporate data when they access App1 from
both corporate and non-corporate devices.

What should you configure?

A. Notifications in Device compliance

B. Terms and Conditions in Device enrollment

C. Terms of use in Conditional access

D. an Endpoint protection profile in Device configuration

Answer: C

100% Success with DumpsPedia.com 108 of 235

Braindumps Questions Microsoft - MD-101

Explanation
References:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

Question #:56 - (Exam Topic 3)

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All Windows 10
devices are enrolled in Microsoft Intune.

You configure the following settings in Windows Information Protection (WIP):

Protected apps: App1

Exempt apps: App2

Windows Information Protection mode: Silent

App1, App2, and App3 use the same file format.

You create a file named File1 in App1.

You need to identify which apps can open File1.

What apps should you identify? To answer, select the appropriate options in the answer area,

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 109 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-

Question #:57 - (Exam Topic 3)

Your company plans to deploy Windows 10 to device that will be configured for Englis use and other devices
that will be configured for Korean use.

You need to create a single multivariate provisioning for the planned for the planned devices.

100% Success with DumpsPedia.com 110 of 235

Braindumps Questions Microsoft - MD-101

You create the provisioning package.

What should do you next to add the language settings to the package?

A. Create a file named Language.XML that contains a header for Korean.

B. Modify the .ppkg file.

C. Create a file named languages.xml that contains a header for English.

D. Modify the Customizations xmlfile

Answer: D

Explanation
Follow these steps to create a provisioning package with multivariant capabilities.

Build a provisioning package and configure the customizations you want to apply during certain
conditions.

After you've configured the settings, save the project.

Open the project folder and copy the customizations.xml file to any local location.

Use an XML or text editor to open the customizations.xml file.

Edit the customizations.xml file to create a Targets section to describe the conditions that will handle
your multivariant settings.

In the customizations.xml file, create a Variant section for the settings you need to customize.

Save the updated customizations.xml file and note the path to this updated file. You will need the path
as one of the values for the next step.

Use the Windows Configuration Designer command-line interface to create a provisioning package
using the updated customizations.xml.

References:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-multivariant

Question #:58 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

100% Success with DumpsPedia.com 111 of 235

Braindumps Questions Microsoft - MD-101

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several
Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.

Solution: From the Azure Active Directory admin center, you configure automatic mobile device management
(MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for
Business enrollment options.

Does this meet the goal?

A. Yes

B. No

Answer: A

Explanation
Hello for Business is an alternative sign-in method that uses Active Directory or an Azure Active Directory
account to replace a password, smart card, or a virtual smart card. It lets you use a user gesture to sign in,
instead of a password. A user gesture might be a PIN, biometric authentication such as Windows Hello, or an
external device such as a fingerprint reader.

Intune integrates with Hello for Business in two ways:

An Intune policy can be created under Device enrollment. This policy targets the entire organization
(tenant-wide). It supports the Windows AutoPilot out-of-box-experience (OOBE) and is applied when a device
enrolls.

An identity protection profile can be created under Device configuration. This profile targets assigned users
and devices, and is applied during check-in.

References:

https://docs.microsoft.com/en-us/intune/protect/windows-hello

Question #:59 - (Exam Topic 3)

You have 200 computers that run Windows 10.

You need to create a provisioning package to configure the following tasks:

Remove the Microsoft News and the Xbox Microsoft Store apps.

Add a VPN connection to the corporate network.

100% Success with DumpsPedia.com 112 of 235

Braindumps Questions Microsoft - MD-101

Which two customizations should you configure? To answer, select the appropriate customizations in the
answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 113 of 235

Braindumps Questions Microsoft - MD-101

Explanation
Connectivityprofiles

Policies

References:

100% Success with DumpsPedia.com 114 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-connectivityprofiles

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#applicationm

https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-policies

Question #:60 - (Exam Topic 3)

You have a computer named Computer1 that runs Windows 10.

Computer1 has the users shown in the following table.

User1 signs in to Computer1, creates the following files, and then signs out:

docx in C:\Users\User1\Desktop

docx in C:\Users\Public\Public Desktop

docx in C:\Users\Default\ Desktop

User3 signs in to Computer1 and creates a file named File4.docx in C:\Users\User3\Desktop.

User2 has never signed in to Computer1.

How many DOCX files will appear on the desktop of each user the nest time each user signs in? To answer,
select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 115 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 116 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 117 of 235

Braindumps Questions Microsoft - MD-101

Question #:61 - (Exam Topic 3)

You have a Microsoft Intune subscription.

You have devices enrolled in Intune as shown in the following table.

An app named App1 is installed on each device.

What is the minimum number of app configuration policies required to manage App1?

A.

100% Success with DumpsPedia.com 118 of 235

Braindumps Questions Microsoft - MD-101

A. 1

B. 2

C. 3

D. 4

E. 5

Answer: B

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview

Question #:62 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You need to configure an Intune device configuration profile to meet the following requirements:

Prevent Microsoft Office applications from launching child processes.

Block users from transferring files over FTP.

Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in
the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 119 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 120 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 121 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

Question #:63 - (Exam Topic 3)

You have computers that run Windows 10 and are managed by using Microsoft Intune.

Users store their files in a folder named D:\Folder1.

D18912E1457D5D1DDCBD40AB3BF70D5D

You need to ensure that only a trusted list of applications is granted write access to D:\Folder1.

What should you configure in the device configuration profile?

A. Microsoft Defender SmartScreen

100% Success with DumpsPedia.com 122 of 235

Braindumps Questions Microsoft - MD-101

B. Microsoft Defender Exploit Guard

C. Microsoft Defender Application Guard

D. Microsoft Defender Application Control

Answer: B

Reference:

https://www.microsoft.com/security/blog/2017/10/23/windows-defender-exploit-guard-reduce-the-attacksurface-

against-next-generation-malware/

Question #:64 - (Exam Topic 3)

Your network contains an Active Directory named contoso.com. The domain contains two computers named
Computer1 and Computer2 that run Windows 10.

Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the

Desktop folder are redirected to a network share.

User1 signs in to Computer1 and performs the following tasks:

Configures screen saver to start after five minutes of inactivity

Modifies the default save location for Microsoft Word

Creates a file named File1.docx on the desktop

Modifies the desktop background

You need to identify what will be retained when User1 signs in to Computer2.

What should you identify?

A. File1.docx and the desktop background only

B. File1.docx, the screen saver settings, the desktop background, and the default save location for Word

C. File1.docx only

D. File1.docx, the desktop background, and the default save location for Word only

Answer: B

Reference:

100% Success with DumpsPedia.com 123 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview

Question #:65 - (Exam Topic 3)

Your company has a main office and six branch offices. The branch offices connect to the main office by
using a WAN link. All offices have a local Internet connection and a Hyper-V host cluster.

The company has a Microsoft System Center Configuration Manager deployment. The main office is the
primary site. Each branch has a distribution point. All computers that run Windows 10 are managed by using
both Configuration Manager and Microsoft Intune.

You plan to deploy the latest build of Microsoft Office 365 ProPlus to all the computers.

You need to minimize the amount of network traffic on the company’s Internet links for the planned
deployment.

What should you include in the deployment plan?

A. From Intune, configure app assignments for the Office 365 ProPlus suite.

In each office, copy the Office 365 distribution files to a Microsoft Deployment Toolkit (MDT)
deployment

share.

B. From Intune, configure app assignments for the Office 365 ProPlus suite.

In each office, copy the Office 365 distribution files to a Configuration Manager distribution point.

C. From Configuration Manager, create an application deployment.

Copy the Office 365 distribution files to a Configuration Manager cloud distribution point.

D. From Configuration Manager, create an application deployment.

In each office, copy the Office 365 distribution files to a Configuration Manager distribution point.

Answer: D

Reference:

https://docs.microsoft.com/en-us/deployoffice/deploy-office-365-proplus-with-system-center-configurationmanager-20

Question #:66 - (Exam Topic 3)

You have a workgroup computer named Computer1 that runs Windows 10 and has the users shown in the
following table.

100% Success with DumpsPedia.com 124 of 235

Braindumps Questions Microsoft - MD-101

Group1 is a member of Group3.

You are creating a file named Kiosk.xml that specifies a lockdown profile for a multi-app kiosk.

Kiosk.xml contains the following section.

You apply Kiosk.xml to Computer1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 125 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps#config-for-group-acc

Question #:67 - (Exam Topic 3)

You have a computer named Computer1 that runs Windows 10. Computer is used by a user named User1.

You need to ensure that when User1 opens websites from untrusted locations by using Microsoft Edge,
Microsoft Edge runs in isolated container.

What should you do first?

A. From Windows Features, turn on Windows Defender Application Guard.

B. From Windows Security, configure the Device security settings.

C. From Windows Security, configure the Virus & threat protection settings.

D. From Windows Features, turn on Hyper-V Platform.

100% Success with DumpsPedia.com 126 of 235

Braindumps Questions Microsoft - MD-101

Answer: A

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guar

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/install-wd-ap

Question #:68 - (Exam Topic 3)

Your network contains an Active Directory domain. The domain contains computers that run Windows 10 and
are enrolled in Microsoft Intune. Updates are deployed by using Windows Update for Business.

Users in a group named Group1 must meet the following requirements:

Update installations must occur any day only between 00:00 and 05:00.

Updates must be downloaded from Microsoft and from other company computers that already
downloaded the updates.

You need to configure the Windows 10 Update Rings in Intune to meet the requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 127 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 128 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 129 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/windows-update-settings.md

https://docs.microsoft.com/en-us/intune/delivery-optimization-windows#move-from-existing-update-rings-to-delivery-o

Question #:69 - (Exam Topic 3)

You have Windows 10 devices that are managed by using Microsoft Intune. Intune and the Microsoft Store for

Business are integrated.

You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices

without user interaction.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create an Azure Active Directory group that contains all users.

B. From the Intune portal, create a Microsoft Store app for the Remote Desktop modern app.

C. From the Intune portal assign the app to the Azure Active Directory group.

D. Create an Azure Active Directory group that contains the Windows 10 devices.

E. From the Microsoft Store for Business portal, assign a license for the app to all the users in the Azure

Active Directory group.

F. For your organization, make the app available in the Microsoft Store for Business.

100% Success with DumpsPedia.com 130 of 235

Braindumps Questions Microsoft - MD-101

Answer: B C D

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add

https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy

https://docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business

Question #:70 - (Exam Topic 3)

You have 10 computers that run Windows 7 and have the following configurations:

A single MBR disk

A disabled TPM chip

Disabled hardware virtualization

UEFI firmware running in BIOS mode

Enabled Data Execution Prevention (DEP)

You plan to upgrade the computers to Windows 10.

You need to ensure that the computers can use Secure Boot.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Convert the MBR disk to a GPT disk

B. Enable the TPM chip.

C. Disable DEP

D. Enable hardware virtualization

E. Convert the firmware from BIOS to UEFI.

Answer: A E

Reference:

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-biosmode

100% Success with DumpsPedia.com 131 of 235

Braindumps Questions Microsoft - MD-101

Question #:71 - (Exam Topic 3)

You have a Microsoft 365 subscription.

D18912E1457D5D1DDCBD40AB3BF70D5D

You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You plan to replace the computers with new computers that run Windows 10. The new computers will be

joined to Azure AD.

You need to ensure that the desktop background, the favorites, and the browsing history are available on the

new computers.

What should you use?

A. Folder Redirection

B. The Microsoft SharePoint Migration Tool

C. Enterprise State Roaming

D. Roaming user profiles

Answer: C

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settingsreference

Question #:72 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in
the following table.

Contoso.com contains the devices shown in the following table.

100% Success with DumpsPedia.com 132 of 235

Braindumps Questions Microsoft - MD-101

In Intune, you create the app protection policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 133 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy

Question #:73 - (Exam Topic 3)

You have devices enrolled in Microsoft Intune as shown in the following table.

You create an app protection policy named Policy1 that has the following settings:

Platform: Windows 10

100% Success with DumpsPedia.com 134 of 235

Braindumps Questions Microsoft - MD-101

Protected apps: App1

Exempt apps: App2

Network boundary: Cloud resources, IPv4 ranges

You assign Policy1 to Group1 and Group2. You exclude Group3 from Policy1.

Which devices will apply Policy1?

A. Device1, Device2, Device4, and Device5

B. Device1, Device4, and Device5 only

C. Device4 and Device5 only

D. Device1, Device3, Device4 and Device5

Answer: A

Explanation
Policy1 is applied to all devices in Group1 and Group2. It is not applied to any devices in Group3, unless those
devices are also members of Group1 or Group2.

Note: The phrase "You exclude Group3 from Policy1" is misleading. It means that Policy1 is not applied to
Group3, rather than Group3 being blocked.

Question #:74 - (Exam Topic 3)

Your company has a Microsoft 365 subscription.

The company uses Microsoft Intune to manage all devices.

The company uses conditional access to restrict access to Microsoft 365 services for devices that do not

comply with the company’s security policies.

You need to identify which devices will be prevented from accessing Microsoft 365 services.

What should you use?

A. The Device Health solution in Windows Analytics.

B. Windows Defender Security Center.

C. The Device compliance blade in the Intune admin center.

D. The Conditional access blade in the Azure Active Directory admin center.

100% Success with DumpsPedia.com 135 of 235

Braindumps Questions Microsoft - MD-101

Answer: C

Question #:75 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

You save a provisioning package named Package1 to a folder named C:\Folder1.

You need to apply Package1 to Computer1.

Solution: From the Settings app, you select Access work or school, and then you select Add or remove a
provisioning package.

Does this meet the goal?

A. Yes

B. No

Answer: A

Explanation
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove
a provisioning package > Add a package, and select the package to install.

Reference:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package

Question #:76 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the
following table.

100% Success with DumpsPedia.com 136 of 235

Braindumps Questions Microsoft - MD-101

You need to configure device enrollment to meet the following requirements:

Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager.

Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a
selection made by users during the enrollment.

Which device enrollment setting should you configure for each requirement? To answer, select the appropriate
options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 137 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping

100% Success with DumpsPedia.com 138 of 235

Braindumps Questions Microsoft - MD-101

Question #:77 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD)

You plan to replace the computers with new computers that run Windows 10. The new computers will be
joined to Azure AD.

You need 10 ensure that the desktop background, the favorites, and the browsing history are available on the
new computer.

What should you use?

A. Roaming user profiles

B. Folder Redirection

C. The Microsoft SharePoint Migration Tool

D. Enterprise State Roaming

Answer: D

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settings-reference

Question #:78 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several
Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.

Solution: From the Azure Active Directory admin center, you configure the Authentication methods.

100% Success with DumpsPedia.com 139 of 235

Braindumps Questions Microsoft - MD-101

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management
(MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for
Business enrollment options.

References:

https://docs.microsoft.com/en-us/intune/protect/windows-hello

Question #:79 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows AutoPilot to configure the computer settings of computers issued to users.

A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.

You plan to transfer the computer to a user named User2.

You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting
and to agree to the license agreement.

Solution: You perform a remote Windows AutoPilot Reset.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset-remote

100% Success with DumpsPedia.com 140 of 235

Braindumps Questions Microsoft - MD-101

Question #:80 - (Exam Topic 3)

Your network contains an on-premises Active Directory domain and an Azure Active Directory (Azure AD)
tenant The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following
table.

You need to migrate the existing Default Domain Poky GPO swings w a device configuration profile. Which
type of device configuration profile should you create?

A. Administrative Templates

B. Endpoint protection

C. Custom

D. Device restrictions

Answer: C

Reference:

https://danielchronlund.com/2018/11/27/how-to-replace-your-old-gpos-with-intune-configuration-profiles/

Question #:81 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows Update for Business.

The research department has several computers that have specialized hardware and software installed.

You need to prevent the video drivers from being updated automatically by using Windows Update.

100% Success with DumpsPedia.com 141 of 235

Braindumps Questions Microsoft - MD-101

Solution: From the Device Installation settings in a Group Policy object (GPO), you enable Specify search

order for device driver source locations, and then you select Do not search Windows Update.

Does this meet the goal?

A. Yes

B. No

Answer: A

Explanation
References:

https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-
CC-000024

Question #:82 - (Exam Topic 3)

You have a Microsoft 365 subscription.

A remote user purchases a laptop from a retail store. The laptop is intended for company use and has Windows
10 Pro edition installed.

You need to configure the laptop to meet the following requirements:

Modify the layout of the Start menu

Upgrade Windows 10 to Windows 10 Enterprise

Join the laptop to a Microsoft Azure Active Directory (Azure AD) domain named contoso.com

What should you do?

A. Create a custom Windows image (.wim) file that contains an image of Windows 10 Enterprise and
upload the file to a Microsoft

B. Create a provisioning package (.ppkg) file and email the file to the user

C. Create a Windows To Go workspace and ship the workspace to the user

D. Create a Sysprep Unattend (.xml) file and email the file to the user

Answer: B

Reference:

100% Success with DumpsPedia.com 142 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-packages

Question #:83 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You have 25 Microsoft Surface Hub devices that you plan to manage by using Microsoft Endpoint Manager.

You need to configure the devices to meet the following requirements:

Enable Windows Hello for Business.

Configure Microsoft Defender SmartScreen to block users from running unverified files.

Which profile types should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 143 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/identity-protection-windows-settings?toc=/intune/configuration/to

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.js

Question #:84 - (Exam Topic 3)

100% Success with DumpsPedia.com 144 of 235

Braindumps Questions Microsoft - MD-101

You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You need to upgrade the computers to Windows 10 Enterprise.

What should you configure in Intune?

A. A device enrollment policy

B. A device cleanup rule

C. A device compliance policy

D. A device configuration profile

Answer: D

Reference:

https://blogs.technet.microsoft.com/skypehybridguy/2018/09/21/intune-upgrade-windows-from-pro-toenterprise-autom

Question #:85 - (Exam Topic 3)

You have a Microsoft 365 subscription.

All computers are enrolled in Microsoft Intune.

You have business requirements for securing your Windows 10 environment as shown in the following table.

What should you implement to meet each requirement? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 145 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 146 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/advanced-threat-protection.md

Question #:86 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the devices shown
in the following table.

All devices contain an app named App1 and are enrolled in Microsoft Intune.

You need to prevent users from copying data from App1 and pasting the data into other apps.

Which type of policy and how many policies should you create in Intune? To answer, select the appropriate
options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 147 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-configure-windows-10

Question #:87 - (Exam Topic 3)

100% Success with DumpsPedia.com 148 of 235

Braindumps Questions Microsoft - MD-101

You need to enable Windows Defender Credential Guard on computers that run Windows 10.

What should you install on the computers?

A. Hyper-V

B. Windows Defender Application Guard

C. a guarded host

D. containers

Answer: A

Question #:88 - (Exam Topic 3)

You install a feature update on a computer that runs Windows 10.

How many days do you have to roll back the update?

A. 5

B. 10

C. 14

D. 30

Answer: B

Explanation
Microsoft has changed the time period associated with operating system rollbacks with Windows 10 version
1607, decreasing it to 10 days. Previously, Windows 10 had a 30-day rollback period.

References:

https://redmondmag.com/articles/2016/08/04/microsoft-shortens-windows-10-rollback-period.aspx

Question #:89 - (Exam Topic 3)

Your network contains an on-premises Active Directory forest named contoso.com that syncs to Azure Active
Directory (Azure AD). Azure AD contains the users shown in the following table.

100% Success with DumpsPedia.com 149 of 235

Braindumps Questions Microsoft - MD-101

You assign Windows 10 Enterprise E5 licenses to Group1 and User2.

You add computers to the network as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 150 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation

Question #:90 - (Exam Topic 3)

Your company has computers that run Windows 10. The employees at the company use the computers.

You plan to monitor the computers by using the Update Compliance solution.

You create the required resources in Azure.

You need to configure the computers to send enhanced Update Compliance data.

Which two Group Policy settings should you configure? To answer, select the appropriate settings in the
answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 151 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 152 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 153 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-configuration-manual

Question #:91 - (Exam Topic 3)

You have a public computer named Public1 that runs Windows 10.

Users use Public1 to browse the Internet by using Microsoft Edge.

You need to view events associated with website phishing attacks on Public1.

Which Event Viewer log should you view?

A. Applications and Services Logs > Microsoft\Windows > DeviceGuard > Operational

B. Applications and Services Logs > Microsoft > Windows > Security-Mitigations> User Mode

C.

100% Success with DumpsPedia.com 154 of 235

Braindumps Questions Microsoft - MD-101

C. Applications and Services Logs > Microsoft > Windows > SmartScreen > Debug

D. Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational

Answer: C

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/

microsoft-defender-smartscreen-overview#viewing-windows-event-logs-for-microsoft-defender-smartscreen

Question #:92 - (Exam Topic 3)

You have 100 devices that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You need to prevent users from joining their home computer to Azure AD.

What should you do?

A. From the Device enrollment blade in the Intune admin center, modify the Enrollment restriction settings.

B. From the Devices blade in the Azure Active Directory admin center, modify the Device settings.

C. From the Device enrollment blade in the Intune admin center, modify the Device enrollment manages
settings.

D. From the Mobility (MDM and MAM) blade in the Azure Active Directory admin center, modify the
Microsoft Intune enrollment settings.

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

Question #:93 - (Exam Topic 3)

You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.

You create a workspace in Microsoft Azure Log Analytics.

You need to capture the event logs from the computers to Azure.

What should you do? To answer, select the appropriate options in the answer area.

100% Success with DumpsPedia.com 155 of 235

Braindumps Questions Microsoft - MD-101

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 156 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

Question #:94 - (Exam Topic 3)

Your company has a Microsoft 365 subscription.

A new user named Admin1 is responsible for deploying Windows 10 to computers and joining the computers
to Microsoft Azure Active Directory (Azure AD).

Admin1 successfully joins computers to Azure AD.

Several days later, Admin1 receives the following error message: “This user is not authorized to enroll. You
can try to do this again or contact your system administrator with the error code (0x801c0003).”

You need to ensure that Admin1 can join computers to Azure AD and follow the principle of least privilege.

A. Assign the Global administrator role to Admin1.

B. Modify the Device settings in Azure AD.

C. Assign the Cloud device administrator role to Admin1.

D. Modify the User settings in Azure AD.

Answer: B

Explanation
References:

100% Success with DumpsPedia.com 157 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

Question #:95 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You need to deploy Microsoft Office 365 ProPlus applications to Windows 10 devices.

What should you do first?

A. From Microsoft Azure Active Directory (Azure AD), create an app registration.

B. From the Device Management admin center, create an app.

C. From the Device Management admin center, create an app configuration policy.

D. From the Device Management admin center, enable Microsoft Store for Business synchronization

Answer: B

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-office365

Question #:96 - (Exam Topic 3)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD). The domain contains computers that run Windows 10. The computers are enrolled in Microsoft Intune
and Windows Analytics.

Your company protects documents by using Windows Information Protection (WIP).

You need to identify non-approved apps that attempt to open corporate documents.

What should you use?

A. the Device Health solution in Windows Analytics

B. Microsoft Cloud App Security

C. Intune Data Warehouse

D. the App protection status report in Intune

Answer: D

Explanation
References:

100% Success with DumpsPedia.com 158 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip-learnin

Question #:97 - (Exam Topic 3)

You have computers that run Windows 10 as shown in the following table.

Computer2 and Computer3 are enrolled in Microsoft Intune.

In a Group Policy object (GPO) linked to the domain, you enable the Computer Configuration/Administrative
Templates/Windows Components/Search/Allow Cortana setting.

In an Intune device configuration profile, you configure the following:

Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP to a value of 1

Experience/AllowCortana to a value of 0.

Each of the following statement, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 159 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/

Question #:98 - (Exam Topic 3)

Your company uses Microsoft Intune to manage Windows 10, Android, and iOS devices.

Several users purchase new iPads and Android devices.

You need to tell the users how to enroll their device in Intune.

What should you instruct the users to use for each device? To answer, select the appropriate options in the
answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 160 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 161 of 235

Braindumps Questions Microsoft - MD-101

The Intune Company Portal app is used to enroll Android, iOS, macOS, and Windows devices

References:

https://docs.microsoft.com/en-us/intune-user-help/enroll-device-android-company-portal

https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-ios

https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp

Question #:99 - (Exam Topic 3)

Your company has several Windows 10 devices that are enrolled in Microsoft Inline.

You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.

You need to enroll Computer1 in Intune.

Solution: From the Settings app on Computer1, you use the Connect to work or school account settings.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation

100% Success with DumpsPedia.com 162 of 235

Braindumps Questions Microsoft - MD-101

Use MDM enrolment.

MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory
joined PC into Intune. Users enroll from Settings on the existing Windows PC.

References:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

Question #:100 - (Exam Topic 3)

You enable controlled folder access in audit mode for several computers that run Windows 10. You need to
review the events audited by controlled folder access. Which Event Viewer log should you view?

A. Applications and Services\Microsoft\Windows\Known Folders\Operational

B. Applications and Services\Microsoft\Windows\Windows Defender\Operational

C. Windows\Security

Answer: B

Question #:101 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You redirect Windows known folders to Microsoft OneDrive for Business.

Which folder will be included in the redirection?

A. Saved Games

B. Desktop

C. Music

D. Downloads

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/onedrive/redirect-known-folders

100% Success with DumpsPedia.com 163 of 235

Braindumps Questions Microsoft - MD-101

Question #:102 - (Exam Topic 3)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD).

You have a Microsoft 365 subscription.

You create a conditional access policy for Microsoft Exchange Online.

You need to configure the policy to prevent access to Exchange Online unless is connecting from a device that
is hybrid Azure AD-joined.

Which settings should you configure?

A. Locations

B. Device platforms

C. Sign-in risk

D. Device state

Answer: D

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#device-state

Question #:103 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com. The domain contains 500 computers
that run Windows 7. Some of the computers are used by multiple users.

You plan to refresh the operating system of the computers to Windows 10.

You need to retain the personalization settings to applications before you refresh the computers. The solution
must minimize network bandwidth and network storage space.

Which command should you run on the computer? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 164 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

References:

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax#how-to-use-ui-and-ue

Question #:104 - (Exam Topic 3)

Your company has several Windows 10 devices that are enrolled in Microsoft Inline.

You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.

You need to enroll Computer1 in Intune.

Solution: From Computer1, you sign in to https://portal.azure.com and use the Windows enrollment blade.

Does this meet the goal?

100% Success with DumpsPedia.com 165 of 235

Braindumps Questions Microsoft - MD-101

A. Yes

B. No

Answer: B

Explanation
Use MDM enrolment.

MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory
joined PC into Intune. Users enroll from Settings on the existing Windows PC.

Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

Question #:105 - (Exam Topic 3)

Your company has several Windows 10 devices that are enrolled in Microsoft Inline.

You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.

You need to enroll Computer1 in Intune.

Solution: From Computer1, you sign in to https://portal.manage.microsoft.com and use the Devices tab.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
Use MDM enrolment.

MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory
joined PC into Intune. Users enroll from Settings on the existing Windows PC.

Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

Question #:106 - (Exam Topic 3)

Your company has an infrastructure that has the following:

100% Success with DumpsPedia.com 166 of 235

Braindumps Questions Microsoft - MD-101

A Microsoft 365 tenant

An Active Directory forest

Microsoft Store for Business

A Key Management Service (KMS) server

A Windows Deployment Services (WDS) server

A Microsoft Azure Active Directory (Azure AD) Premium tenant

The company purchases 100 new computers that run Windows 10.

You need to ensure that the new computers are joined automatically to Azure AD by using Windows
AutoPilot.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 167 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/intune/enrollment-autopilot

Question #:107 - (Exam Topic 3)

You have a hybrid Microsoft Azure Active Directory (Azure AD) tenant, a Microsoft System Center
Configuration Manager (Current Branch) environment, and a Microsoft 365 subscription.

You have computers that run Windows 10 as shown in the following table.

100% Success with DumpsPedia.com 168 of 235

Braindumps Questions Microsoft - MD-101

You plan to use Microsoft 365 Device Management.

Which computers support co-management by Configuration Manager and Device Management?

A. Computer1, Computer2, and Computer3

B. Computer3 only

C. Computer1 and Computer2 only

D. Computer2 only

Answer: A

Reference:

https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview

Question #:108 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant and 100 Windows 10 devices that are Azure AD
joined and managed by using Microsoft Intune.

You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The
solution must minimize administrative effort.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the
Endpoint protection settings.

B. To configure Microsoft Defender Firewall, crate a device configuration profile and configure the Device
restrictions settings.

C. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure
Windows Defender Firewall with Advanced Security.

D. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure
Windows Defender Antivirus settings.

100% Success with DumpsPedia.com 169 of 235

Braindumps Questions Microsoft - MD-101

E. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the
Device restrictions settings.

F. To configure Microsoft Defender Firewall, create a device configuration profile and configure the
Endpoint protection settings.

Answer: A F

Explanation
F: With Intune, you can use device configuration profiles to manage common endpoint protection security
features on devices, including:

Firewall

BitLocker

Allowing and blocking apps

Microsoft Defender and encryption

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-configure

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-policy#create-an-endpoint-security-policy

Question #:109 - (Exam Topic 3)

Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active
Directory (Azure AD).

There are 500 domain-joined computers that run Windows 10. The computers are joined to Azure AD and
enrolled in Microsoft Intune.

You plan to implement Windows Defender Exploit Guard.

You need to create a custom Windows Defender Exploit Guard policy, and then distribute the policy to all the
computers.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 170 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 171 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-pr

Question #:110 - (Exam Topic 3)

Your company has a computer named Computer1 that runs Windows 10 Pro.

The company develops a proprietary Universal Windows Platform (UWP) app named App1. App1 is signed
with a certificate from a trusted certification authority (CA).

You need to sideload App1 to Computer1.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 172 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 173 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://www.windowscentral.com/how-enable-windows-10-sideload-apps-outside-store

https://docs.microsoft.com/en-us/windows/application-management/sideload-apps-in-windows-10

Question #:111 - (Exam Topic 3)

Your network contains an Active Directory domain. The functional level of the forest and the domain is

Windows Server 2012 R2.

The domain contains 500 computers that run Windows 10. All the computers are managed by using Microsoft

System Center 2012 R2 Configuration Manager.

You need to enable co-management.

What should you do first?

A. Deploy the Microsoft Intune client.

B. Raise the forest functional level.

C. Upgrade Configuration Manager to Current Branch.

D. Raise the domain functional level.

Answer: C

Question #:112 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com. The domain contains 200 computers
that run Windows 10.

Folder Redirection for the Desktop folder is configured as shown in the following exhibit.

100% Success with DumpsPedia.com 174 of 235

Braindumps Questions Microsoft - MD-101

The target is set to Server1.

You plan to use known folder redirection in Microsoft OneDrive for Business.

You need to ensure that the desktop content of users remains on their desktop when you implement known
folder redirection.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Clear the Grant the user exclusive rights to Desktop check box.

B. Change the Policy Removal setting.

C.

100% Success with DumpsPedia.com 175 of 235

Braindumps Questions Microsoft - MD-101

C. Disable Folder Redirection.

D. Clear the Move the contents of Desktop to the new location check box.

Answer: B C

Explanation
The OneDrive Known Folder Move Group Policy objects won't work if you previously used Windows Folder
Redirection Group Policy objects to redirect the Documents, Pictures, or Desktop folders to a location other
than OneDrive. Remove the Windows Group Policy objects for these folders before you enable the OneDrive
Group Policy objects. The OneDrive Group Policy objects won't affect the Music and Videos folders, so you
can keep them redirected with the Windows Group Policy objects. For info about Windows Folder
Redirection, see Deploy Folder Redirection with Offline Files."

Question #:113 - (Exam Topic 3)

You have 100 computers that run Windows 8.1.

You plan to deploy Windows 10 to the computers by performing a wipe and load installation.

You need to recommend a method to retain the user settings and the user data.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.

100% Success with DumpsPedia.com 176 of 235

Braindumps Questions Microsoft - MD-101

Answer:

100% Success with DumpsPedia.com 177 of 235

Braindumps Questions Microsoft - MD-101

Explanation

References:

https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios

http://itproguru.com/expert/2016/01/step-by-step-how-to-mi
grate-users-and-user-data-from-xp-vista-windows-7-or-8-to-windows-10-using-microsoft-tool-usmt-user-state-migratio

Question #:114 - (Exam Topic 3)

100% Success with DumpsPedia.com 178 of 235

Braindumps Questions Microsoft - MD-101

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory
(Azure AD). The domain contains the users shown in the following table.

Enterprise State Roaming is enabled for User2.

You have the computers shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 179 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Question #:115 - (Exam Topic 3)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory
(Azure AD) and enrolled in Microsoft Intune.

You need to ensure that only applications that you explicitly allow can run on the computers.

What should you use?

A. Windows Defender Credential Guard

B. Windows Defender Exploit Guard

C. Windows Defender Application Guard

D. Windows Defender Antivirus.

Answer: C

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guardvirtualiz

based-security-and-windows-defender-application-control

Question #:116 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains two computers
named Computer1 and Computer2. The computers run Windows 10 and are members of a group named
GroupA.

100% Success with DumpsPedia.com 180 of 235

Braindumps Questions Microsoft - MD-101

The tenant contains a user named User1 that is a member of a group named Group 1.

You need to ensure that if User1 changes the desktop background on Computer1, the new desktop background
will appear when User1 signs in to Computer2.

What should you do?

A. Create a device configuration profile for Windows 10 and configure the Shared multi-user device
settings. Assign the profile to GroupA.

B. From the Azure Active Directory admin center, enable Enterprise State Roaming for Group1.

C. From the Azure Active Directory admin center, enable Enterprise State Roaming for GroupA.

D. Create a device configuration profile for Windows 10 and configure the Shared multi-user device
settings. Assign the profile to Group 1.

Answer: D

Question #:117 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM)

You need to deploy the Microsoft Office 365 ProPlus suite to all the computers. What should you do?

A. From Microsoft Azure Active Directory (Azure AD), add an app registration.

B. From the Device Management admin center, add an app.

C. From the Device Management admin center, create a Windows 10 device profile.

D. From Microsoft Azure Active Directory (Azure AD), add an enterprise application

Answer: D

Reference:

https://docs.microsoft.com/en-us/windows/client-management/mdm/enterprise-app-management#application-managem

Question #:118 - (Exam Topic 3)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have
computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft
Intune.

100% Success with DumpsPedia.com 181 of 235

Braindumps Questions Microsoft - MD-101

You need to ensure that you can centrally monitor the computers by using Windows Analytics.

What should you create in Intune?

A. a device configuration profile

B. a conditional access policy

C. a device compliance policy

D. an update policy

Answer: A

Explanation
References:

https://www.scconfigmgr.com/2019/03/27/windows-analytics-onboarding-with-intune/

Question #:119 - (Exam Topic 3)

You manage a Microsoft 365 environment that has co-management enabled.

All computers run Windows 10 and are deployed by using the Microsoft Deployment Toolkit (MDT).

You need to recommend a solution to deploy Microsoft Office 365 ProPlus to new computers. The latest
version must always be installed. The solution must minimize administrative effort.

What is the best tool to use for the deployment? More than one answer choice may achieve the goal. Select the
BEST answer.

A. Microsoft Intune

B. Microsoft Deployment Toolkit

C. Office Deployment Toolkit (ODT)

D. a Group Policy object (GPO)

E. Microsoft System Center Configuration Manager

Answer: C

Explanation
References:

https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool

100% Success with DumpsPedia.com 182 of 235

Braindumps Questions Microsoft - MD-101

Question #:120 - (Exam Topic 3)

Your company has computers that run Windows 10. The company uses Microsoft Intune to manage the
computers.

You have an app protection policy for Microsoft Edge. You assign the policy to a group.

On a computer named Computer1, you open Microsoft Edge.

You need to verify whether Microsoft Edge on Computer1 is protected by the app protection policy.

Which column should you add in Task Manager?

A. Operating system context

B. UAC virtualization

C. Enterprise Context

D. Data Execution Prevention

Answer: C

Reference:

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip-app-en

https://www.itpromentor.com/win10-mam-wip/

Question #:121 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory
(Azure AD). The domain contains computers that run Windows 10. The computers are configured as shown in
the following table.

All the computers are enrolled in Microsoft Intune.

You configure the following Maintenance Scheduler settings in the Default Domain Policy:

Turn off auto-restart for updates during active hours: Enabled

Active hours start: 08:00

Active hours end: 22:00

100% Success with DumpsPedia.com 183 of 235

Braindumps Questions Microsoft - MD-101

In Intune, you create a device configuration profile named Profile1 that has the following OMA-URI settings:

./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP set to value 1

./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursStart set to value 9

./Device/Vendor/MSFT/Policy/Config/Update/ActiveHoursEnd set to value 21

You assign Profile to Group1.

How are the active hours configured on Computer1 and Computer2? To answer, select the appropriate options
in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 184 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict

Question #:122 - (Exam Topic 3)

You have unrooted devices enrolled in Microsoft Intune as shown in the following table.

The devices are members of a group named Group1.

In Intune, you create a device compliance location that has the following configurations:

Name: Network1

IPv4 range: 192.168.0.0/16

In Intune, you create a device compliance policy for the Android platform. The policy has following
configurations:

Name: Policy1

Device health: Rooted devices: Block

100% Success with DumpsPedia.com 185 of 235

Braindumps Questions Microsoft - MD-101

Locations: Location: Network1

Mark device noncompliant: Immediately

Assigned: Group1

In Intune device compliance policy has the following configurations:

Mark devices with no compliance policy assigned as: Compliant

Enhanced jailbreak detection: Enabled

Compliance status validity period (days): 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 186 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/device-compliance-get-started

Question #:123 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

Your company uses Windows Update for Business.

The research department has several computers that have specialized hardware and software installed.

You need to prevent the video drivers from being updated automatically by using Windows Update.

Solution: From the Windows Update settings in a Group Policy object (GPO), you enable Do not include
drivers with Windows Updates.

Does this meet the goal?

A. Yes

B. No

Answer: A

Explanation
References:

https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000

100% Success with DumpsPedia.com 187 of 235

Braindumps Questions Microsoft - MD-101

Question #:124 - (Exam Topic 3)

You are creating a device configuration profile in Microsoft Intune.

You need to implement an ADMX-backed policy.

Which profile type should you use?

A. Identity protection

B. Custom

C. Device restrictions

D. Device restrictions (Windows 10 Team)

Answer: B

Reference:

https://blogs.technet.microsoft.com/senthilkumar/2018/05/21/intune-deploying-admx-backed-policies-usingmicrosoft-in

Question #:125 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several
Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10
devices to contoso.com.

Solution: From the Azure Active Directory admin center, you modify the User settings and the Device
settings.

Does this meet the goal?

A. Yes

B. No

Answer: B

100% Success with DumpsPedia.com 188 of 235

Braindumps Questions Microsoft - MD-101

Explanation
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management
(MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for
Business enrollment options.

Reference:

https://docs.microsoft.com/en-us/intune/protect/windows-hello

Question #:126 - (Exam Topic 3)

You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace.

You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

You need to ensure that you can use Log Analytics to query events from Computer1.

What should you do on Computer1?

A. Configure the commercial ID

B. Join Azure Active Directory (Azure AD)

C. Create an event subscription

D. Install the Microsoft Monitoring Agent

Answer: D

Explanation
References:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

Question #:127 - (Exam Topic 3)

You have a Microsoft 365 subscription. All devices run Windows 10.

You need to prevent users from enrolling the devices in the Windows Insider Program.

What should you configure from Microsoft 365 Device Management? Each correct answer presents part of the
solution.

NOTE: Each correct selection is worth one point.

A. a Windows 10 security baseline

100% Success with DumpsPedia.com 189 of 235

Braindumps Questions Microsoft - MD-101

B. an app configuration policy

C. a custom device configuration profile

D. a Windows 10 update ring

E. a device restrictions device configuration profile

Answer: D

Question #:128 - (Exam Topic 3)

Your company purchases new computers that run Windows 10. The computers have cameras that support
Windows Hello for Business.

You configure the Windows Hello for Business Group Policy settings as shown in the following exhibit.

What are two valid methods a user can use to sign in? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Facial recognition

B. A smartwatch that is Bluetooth-enabled

C. A PIN

D. A USB key

Answer: A C

100% Success with DumpsPedia.com 190 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://community.windows.com/en-us/stories/windows-sign-in-options

https://fossbytes.com/how-to-unlock-windows-10/

Question #:129 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You need to ensure that feature and quality updates install automatically during a maintenance window.

Solution: From the Windows Update settings, you enable Configure Automatic Updates, select 4-Auto

download and schedule the install, and then enter a time.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

Question #:130 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory
(Azure AD).

The Active Directory domain contains 200 computers that run Windows 10. The computers are managed by
using Microsoft System Center Configuration Manager (Current Branch).

You need to pilot co-management for only five of the computers.

What should you create first?

A. a domain local distribution group in Active Directory

100% Success with DumpsPedia.com 191 of 235

Braindumps Questions Microsoft - MD-101

B. an Intune Connector for Active Directory

C. a device collection in Configuration Manager

D. a dynamic device group in Azure AD

Answer: C

Explanation
The Pilot Intune setting switches the associated workload only for the devices in the pilot collection.

Note: When you enable co-management, you'll assign a collection as a Pilot group. This is a group that
contains a small number of clients to test your co-management configurations. We recommend you create a
suitable collection before you start the procedure. Then you can select that collection without exiting the
procedure to do so.

References:

https://docs.microsoft.com/en-us/configmgr/comanage/tutorial-co-manage-new-devices

Question #:131 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

You save a provisioning package named Package1 to a folder named C:\Folder1.

You need to apply Package1 to Computer1.

Solution: At a command prompt, you change the current folder to C:\Folder1, and then you run the
RegSvr32.exe Package1.ppkg command.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove

100% Success with DumpsPedia.com 192 of 235

Braindumps Questions Microsoft - MD-101

a provisioning package > Add a package, and select the package to install.

Reference:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package

Question #:132 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named adatum.com The tenant contains Windows 10
devices that are enrolled in Microsoft Intune.

You create an Azure Log Analytics workspace and add the Device Health solution to the workspace.

You need to create a custom device configuration profile that will enroll the Windows 10 devices in Device
Health.

Which OMA-URI should you add to the profile?

A. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push

B. ./Vendor/MSFT/DMClient/Provider/MS DM Server/Push/ChannelURI

C. ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID

D. ./Vendor/MSFT/DMClient/Provider/MS DM Server/ManagementServerAddressList

Answer: C

Explanation
References:

https://allthingscloud.blog/monitor-windows-10-updates-for-intune-mdm-enrolled-devices/

Question #:133 - (Exam Topic 3)

Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows
10.

You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.

You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune.

The solution must minimize administrative effort.

What should you use?

A. An Autodiscover address record.

B.

100% Success with DumpsPedia.com 193 of 235

Braindumps Questions Microsoft - MD-101

B. A Windows AutoPilot deployment profile.

C. An Autodiscover service connection point (SCP).

D. A Group Policy object (GPO).

Answer: B

Reference:

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-Hybrid-Azure-AD-join-andautoma

Question #:134 - (Exam Topic 3)

You use Windows Defender Advanced Threat Protection (Windows Defender ATP) to protect computers that
run Windows 10.

You need to assess the differences between the configuration of Windows Defender ATP and the Microsoft
recommended configuration baseline.

Which tool should you use?

A. Windows Defender Security Center

B. Windows Analytics

C. Windows Defender ATP Power BI app

D. Microsoft Secure Score

Answer: D

Explanation
References:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-securescore

Question #:135 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

Your company uses Windows Autopilot to configure the computer settings of computers issued to users.

100% Success with DumpsPedia.com 194 of 235

Braindumps Questions Microsoft - MD-101

A user named User1 has a computer named Computer1 that runs Windows 10.

User1 leaves the company.

You plan to transfer the computer to a user named User2.

You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting
and to agree to the license agreement.

Solution: You perform a local Windows Autopilot Reset.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset

Question #:136 - (Exam Topic 3)

You network contains an Active Directory domain. The domain contains 200 computers that run Windows
8.1. You have a Microsoft Azure subscription.

You plan to upgrade the computers to Windows 10.

You need to generate an Upgrade Readiness report for the computers.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 195 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 196 of 235

Braindumps Questions Microsoft - MD-101

Question #:137 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named
User1. User1 has the devices shown in the following table.

On September 5, 2019, you create and enforce a terms of use (ToU) in contoso.com. The ToU has the
following settings:

Name: Terms1

Display name: Terms name

Require users to expand the terms of use: Off

Require users to consent on every device: On

Expire consents: On

Expire starting on: October 10, 2019

Frequency Monthly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 197 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use#frequently-asked-questions

Question #:138 - (Exam Topic 3)

You have a Microsoft Intune subscription.

You create the Windows Autopilot deployment profile-shown in the following exhibit.

100% Success with DumpsPedia.com 198 of 235

Braindumps Questions Microsoft - MD-101

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 199 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 200 of 235

Braindumps Questions Microsoft - MD-101

References:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/user-driven

Question #:139 - (Exam Topic 3)

You have a Microsoft 365 subscription.

You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group
name Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit.
(Click the Exhibit tab.)

100% Success with DumpsPedia.com 201 of 235

Braindumps Questions Microsoft - MD-101

You create a compliance policy.

You need to ensure that the users are authenticated only if they are using a compliant device.

What should you configure in the conditional access policy?

A. a condition

B. a session control

C. a cloud app

D.

100% Success with DumpsPedia.com 202 of 235

Braindumps Questions Microsoft - MD-101

D. a grant control

Answer: A

Explanation
The device state condition can be used to exclude devices that are hybrid Azure AD joined and/or devices
marked as compliant with a Microsoft Intune compliance policy from an organization's Conditional Access
policies.

Device state is located on the Condition tab.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#devic

Question #:140 - (Exam Topic 3)

You use Microsoft Intune to manage client computers. The computers run one of the following operating
systems:

Windows 8.1

Windows 10 Pro

Windows 10 Enterprise

Windows 10 Enterprise LTSC

You plan to manage Windows updates on the computers by using update rings.

Which operating systems support update rings?

A. Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Enterprise LTSC only

B. Windows 8.1, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Enterprise LTSC

C. Windows 10 Enterprise and Windows 10 Enterprise LTSC only

D. Windows 10 Pro and Windows 10 Enterprise only

Answer: D

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure

Question #:141 - (Exam Topic 3)

100% Success with DumpsPedia.com 203 of 235

Braindumps Questions Microsoft - MD-101

You are licensed for Microsoft Endpoint Manager.

You use Microsoft Endpoint Configuration Manager and Microsoft Intune.

You have devices enrolled in Configuration Manager as shown in the following table.

In Configuration Manager, you enable co-management and configure the following settings:

Automatic enrolment in Intune: Pilot

Intune Auto Enrollment: Collection1

In Configuration Manager, you configure co-management staging to have the following settings:

Compliance policies: Collection2

Device Configuration: Collection1

In Configuration Manager, you configure co-management workloads as shown in the following exhibit.

100% Success with DumpsPedia.com 204 of 235

Braindumps Questions Microsoft - MD-101

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

100% Success with DumpsPedia.com 205 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 206 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/mem/configmgr/comanage/workloads

Question #:142 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. User1 has the
device shown in the following table.

Enterprise State Roaming is configured for User1.

User1 signs in to Device4 and changes the desktop.

You need to identify on which devices User1 will have a changed desktop.

Which devices should you identify?

A. Device1, Device2, Device3, and Device4

B. Device4 only

C. Device2, Device3, and Device4 only

D. Device2 and Device4 only

E. Device3 and Device4 only

Answer: A

Explanation
The requirements of Enterprise State Roaming are:

Windows 10, with the latest updates, and a minimum Version 1511 (OS Build 10586 or later) is
installed on the device.

The device is Azure AD joined or hybrid Azure AD joined.

100% Success with DumpsPedia.com 207 of 235

Braindumps Questions Microsoft - MD-101

Ensure that Enterprise State Roaming is enabled for the tenant in Azure AD.

The user is assigned an Azure Active Directory Premium license.

The device must be restarted and the user must sign in again to access Enterprise State Roaming
features.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-troubleshooting

Question #:143 - (Exam Topic 3)

You need to assign the same deployment profile to all the computers that are configured by using Windows
Autopilot.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: each correct selection is worth one point.

A. Join the computers to Microsoft Azure Active Directory (Azure AD)

B. Assign a Windows AutoPilot deployment profile to a group

C. Join the computers to an on-premises Active Directory domain

D. Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and
uses the operatingSystem tag

E. Create a Group Policy object (GPO) that is linked to a domain

F. Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and
uses the ZTDID tag

Answer: B F

Explanation
References:

https://www.petervanderwoude.nl/post/automatically-assign-windows-autopilot-deployment-profile-to-windowsautopil

Question #:144 - (Exam Topic 3)

Your company has a computer named Computer1 that runs Windows 10.

Computer1 was used by a user who left the company.

100% Success with DumpsPedia.com 208 of 235

Braindumps Questions Microsoft - MD-101

You plan to repurpose Computer1 and assign the computer to a new user. You need to redeploy Computer1 by
using Windows AutoPilot.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.

Answer:

100% Success with DumpsPedia.com 209 of 235

Braindumps Questions Microsoft - MD-101

Explanation

100% Success with DumpsPedia.com 210 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/enrollment-autopilot

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset

Question #:145 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You need to ensure that feature and quality updates install automatically during a maintenance window.

Solution: From the Maintenance Scheduler settings, you configure Automatic Maintenance Random Delay.

Does this meet the goal?

A. Yes

B. No

Answer: A

100% Success with DumpsPedia.com 211 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

Question #:146 - (Exam Topic 3)

You have an Azure Active Directory (Azure AD) tenant named adatum.com that contains the users shown in
the following table.

You configure the following device settings for the tenant:

Users may join devices to Azure AD: User1

Additional local administrators on Azure AD joined devices: None

You install Windows 10 on a computer named Computer1.

You need to identify which users can join Computer1 to adatum.com, and which users will be added to the
Administrators group after joining adatum.com.

Which users should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 212 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

Question #:147 - (Exam Topic 3)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant and computers that run Windows
10.

100% Success with DumpsPedia.com 213 of 235

Braindumps Questions Microsoft - MD-101

The company uses Microsoft Intune to manage the computers.

The Azure AD tenant has the users shown in the following table.

The device type restrictions in Intune are configured as shown in the following table:

User3 is a device enrollment manager (DEM) in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 214 of 235

Braindumps Questions Microsoft - MD-101

No, Yes, No

Policy 1 - Priority 1 (Andriod, IOS, Windows) Applied to None Policy 2 - Priority 2 (Windows) Applied to
Group 2 Policy 3 - Priority 3 (Android) Applied to Group 1 User 1 is in G1, so they cannot enroll Windows
devices. User 2 is in both G1 & G2, G2 has P2 with a Pri.2 which means, even though they are in G1, G1 has a
pri.3, so P3 will not apply User 3 Is not a member of any group so the Default will apply. Policy 1 is assigned
to NONE, default is assigned to All users, therefore they can NOT enroll iOS as default is only Android &
Win.

References:

https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android

Question #:148 - (Exam Topic 3)

You need to ensure that feature and quality updates install automatically on a Windows to compute during a
maintenance window.

Solution: in Group Policy. from the Windows Update settings, you enable Configure Automatic Updates,
select 4 - Auto download and schedule the Install, and then enter a time.

Does this meet the goal?

A. Yes

B. No

Answer: B

Question #:149 - (Exam Topic 3)

Your company standardizes on Windows 10 Enterprise for all users.

Some users purchase their own computer from a retail store. The computers run Windows 10 Pro.

You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to
Microsoft Azure Active Directory (Azure AD), and install several Microsoft Store apps. The solution must
meet the following requirements:

Ensure that any applications installed by the users are retained.

Minimize user intervention.

What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal.

Select the BEST answer.

A. Microsoft Deployment ToolKit (MDT)

100% Success with DumpsPedia.com 215 of 235

Braindumps Questions Microsoft - MD-101

B. Windows Deployment Services (WDS)

C. a Windows Configuration Designer provisioning package

D. Windows AutoPilot

Answer: C

Explanation
You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains
customization settings. You can apply the provisioning package to a device running Windows 10.

Question #:150 - (Exam Topic 3)

Your network contains an Active Directory domain named constoso.com that is synced to Microsoft Azure
Active Directory (Azure AD). All computers are enrolled in Microsoft Intune.

The domain contains the computers shown in the following table.

You are evaluating which Intune actions you can use to reset the computers to run Windows 10 Enterprise
with the latest update.

Which computers can you reset by using each action? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 216 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 217 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/device-fresh-start

https://docs.microsoft.com/en-us/intune/devices-wipe

Question #:151 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and
Windows 10 Pro devices.

From Microsoft Intune, you create a device configuration profile named Profile1.

You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.

Solution: You configure an applicability rule for Profile1. You assign Profile1 to Group1.

Does this meet the goal?

A. Yes

B. No

Answer: A

Reference:

100% Success with DumpsPedia.com 218 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create

Question #:152 - (Exam Topic 3)

Your company implements Microsoft Azure Active Directory (Azure AD), Microsoft 365, Microsoft Intune,
and Azure Information Protection.

The company’s security policy states the following:

Personal devices do not need to be enrolled in Intune.

Users must authenticate by using a PIN before they can access corporate email data.

Users can use their personal iOS and Android devices to access corporate cloud services.

Users must be prevented from copying corporate email data to a cloud storage service other than
Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

A. a data loss prevention (DLP) policy from the Security & Compliance admin center

B. a supervision policy from the Security & Compliance admin center

C. an app protection policy from the Intune admin center

D. a device configuration profile from the Intune admin center

Answer: C

Explanation
References:

https://docs.microsoft.com/en-us/intune/app-protection-policy

Question #:153 - (Exam Topic 3)

Your company has computers that run Windows 8.1, Windows 10, or macOS.

The company uses Microsoft Intune to manage the computers.

You need to create an Intune profile to configure Windows Hello for Business on the computers that support
it.

Which platform type and profile type should you use? To answer, select the appropriate options in the answer

100% Success with DumpsPedia.com 219 of 235

Braindumps Questions Microsoft - MD-101

area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 220 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/intune/endpoint-protection-configure

Question #:154 - (Exam Topic 3)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure
AD).

You have a Microsoft Office 365 subscription. All computers are joined to the domain and have the latest
Microsoft OneDrive sync client (OneDrive.exe) installed.

On all the computers, you configure the OneDrive settings as shown in the following exhibit.

100% Success with DumpsPedia.com 221 of 235

Braindumps Questions Microsoft - MD-101

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 222 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Box 1:

Silently move known folders to OneDrive is enabled. Known folder include:

Desktop, Documents, Pictures, Screenshots, and Camera Roll

Box 2:

OneDrive Files On-Demand enables users to view, search for, and interact with files stored in OneDrive from
within File Explorer without downloading them and taking up space on the local hard drive.

References:

https://docs.microsoft.com/en-us/onedrive/redirect-known-folders

https://docs.microsoft.com/en-us/onedrive/plan-onedrive-enterprise

100% Success with DumpsPedia.com 223 of 235

Braindumps Questions Microsoft - MD-101

Question #:155 - (Exam Topic 3)

You use Microsoft Endpoint Manager to manage Windows 10 devices.

You are designing a reporting solution that will provide reports on the following:

Compliance policy trends

Trends in device and user enrolment

App and operating system version breakdowns of mobile devices

You need to recommend a data source and a data visualization tool for the design.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 224 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Reference:

https://docs.microsoft.com/en-us/mem/intune/developer/reports-nav-create-intune-reports

https://docs.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-link-powerbi

Question #:156 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

100% Success with DumpsPedia.com 225 of 235

Braindumps Questions Microsoft - MD-101

You have a Microsoft 365 subscription.

You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You plan to replace the computers with new computers that run Windows 10. The new computers will be

joined to Azure AD.

You need to ensure that the desktop background, the favorites, and the browsing history are available on the
new computers.

Solution: You configure roaming user profiles.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation
References:

https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles

Question #:157 - (Exam Topic 3)

Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure
AD)-joined.

The company purchases an Azure subscription.

You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you
to create alerts based on the collected events.

What should you create in Azure and what should you configure on the computers? To answer, select the
appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

100% Success with DumpsPedia.com 226 of 235

Braindumps Questions Microsoft - MD-101

Answer:

Explanation

100% Success with DumpsPedia.com 227 of 235

Braindumps Questions Microsoft - MD-101

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent

Question #:158 - (Exam Topic 3)

Your company has 1,000 Windows 10 devices that are enrolled in Windows Analytics.

You need to view the following information:

The number of devices that are vulnerable to Spectre and Meltdown vulnerabilities

The number of devices that have Windows Defender real-time protection turned off

Which Windows Analytics solutions should you use? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

Answer:

100% Success with DumpsPedia.com 228 of 235

Braindumps Questions Microsoft - MD-101

Explanation

Note: Windows Analytics is now known as Desktop Analytics and Windows Defender is now known as
Microsoft Defender Antivirus

Question #:159 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and
Windows 10 Pro devices.

From Microsoft Intune, you create a device configuration profile named Profile1.

You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.

Solution: You create an Azure Active Directory group that contains only the Windows 10 Enterprise devices.
You assign Profile1 to the new group.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

100% Success with DumpsPedia.com 229 of 235

Braindumps Questions Microsoft - MD-101

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create

Question #:160 - (Exam Topic 3)

Your network contains an Active Directory domain named contoso.com. The domain contains computers that
run Windows 10 and are joined to the domain.

The domain is synced to Microsoft Azure Active Directory (Azure AD).

You create an Azure Log Analytics workspace and deploy the Device Health solution.

You need to enroll the computers in Windows Analytics.

Which Group Policy setting should you configure?

A. Specify intranet Microsoft update service location

B. Allow Telemetry

C. Configure the Commercial ID

D. Connected User Experiences and Telemetry

Answer: C

Explanation
Microsoft uses a unique commercial ID to map information from user computers to your Azure workspace.
Copy your commercial ID key from any of the Windows Analytics solutions you have added to your Windows
Portal, and then deploy it to user computers.

References:

https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-get-started

Question #:161 - (Exam Topic 3)

You have devices enrolled in Microsoft Intune as shown in the following table.

You create device configuration profiles in Intune as shown in the following table.

100% Success with DumpsPedia.com 230 of 235

Braindumps Questions Microsoft - MD-101

You assign the device configuration profiles to groups as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

100% Success with DumpsPedia.com 231 of 235

Braindumps Questions Microsoft - MD-101

If a compliance policy evaluates against the same setting in another compliance policy, then the most
restrictive compliance policy setting applies.

Reference:

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot

Question #:162 - (Exam Topic 3)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant. All users in the company are

licensed for Microsoft Intune.

You need to ensure that the users enroll their iOS device in Intune.

What should you configure first?

A. A Device Enrollment Program (DEP) token.

B. An Intune device configuration profile.

C. A Device enrollment manager (DEM) account.

D. An Apple MDM Push certificate.

Answer: D

Reference:

https://www.manageengine.com/mobile-device-management/help/enrollment/mdm_creating_apns_certificate.html

Prerequisites for iOS enrollment Before you can enable iOS devices, complete the following steps: Make sure
your device is eligible for Apple device enrollment. Set up Intune - These steps set up your Intune
infrastructure. In particular, device enrollment requires that you set your MDM authority. Get an Apple MDM
Push certificate - Apple requires a certificate to enable management of iOS and macOS devices.

https://docs.microsoft.com/en-gb/intune/enrollment/apple-mdm-push-certificate-get

100% Success with DumpsPedia.com 232 of 235

Braindumps Questions Microsoft - MD-101

Question #:163 - (Exam Topic 3)

You manage 1,000 computers that run Windows 10. All the computers are enrolled in Microsoft Intune. You
manage the servicing channel settings of the computers by using Intune.

You need to review the servicing status of a computer.

What should you do?

A. From Device configuration- Profiles, view the device status.

B. From Device compliance, view the device compliance.

C. From Software updates, view the audit logs.

D. From Software updates, view the Per update ring deployment state.

Answer: D

Explanation
References:

https://docs.microsoft.com/en-us/intune/windows-update-compliance-reports

Question #:164 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your company uses Windows Update for Business.

The research department has several computers that have specialized hardware and software installed.

You need to prevent the video drivers from being updated automatically by using Windows Update.

Solution: From the Device Installation and Restrictions settings in a Group Policy object (GPO), you enable
Prevent installation of devices using drivers that match these device setup classes, and then you enter the
device GUID.

Does this meet the goal?

A. Yes

B.

100% Success with DumpsPedia.com 233 of 235

Braindumps Questions Microsoft - MD-101

B. No

Answer: B

Explanation
References:

https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000

Question #:165 - (Exam Topic 3)

You have a Microsoft 365 subscription. All devices run Windows 10.

You need to prevent users from enrolling the devices in the Windows Insider Program.

What two configurations should you perform from Microsoft 365 Device Management? Each correct answer
is a complete solution.

NOTE: Each correct selection is worth one point.

A. a device restrictions device configuration profile

B. an app configuration policy

C. a custom device configuration profile

D. a Windows 10 security baseline

E. a Windows 10 update ring

Answer: B E

Question #:166 - (Exam Topic 3)

Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft
Intune.

Currently, Windows updates are downloaded without using Delivery Optimization.

You need to configure the computers to use Delivery Optimization.

What should you create in Intune?

A. a device configuration profile

B. a device compliance policy

C.

100% Success with DumpsPedia.com 234 of 235

Braindumps Questions Microsoft - MD-101

C. an app protection policy

D. a Windows 10 update ring

Answer: A

Explanation
References:

https://docs.microsoft.com/en-us/intune/delivery-optimization-windows

Question #:167 - (Exam Topic 3)

Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.

You have an Azure Directory group named Group1 that contains Windows 10 Enterprise devices and
Windows 10 Pro devices.

From Microsoft Intune, you create a device configuration profile named Profile1.

You need to ensure that Profile1 applies to only the Windows 10 Enterprise devices in Group1.

Solution: You create a scope tag, and then you add the scope tag to the Windows 10 Enterprise devices. You
edit the settings of Profile1.

Does this meet the goal?

A. Yes

B. No

Answer: B

Reference:

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create

100% Success with DumpsPedia.com 235 of 235

About dumpspedia.com
dumpspedia.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam
Questions, Study Guides, Practice Tests.

We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.

View list of all certification exams: All vendors

We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.

Sales: [email protected]
Feedback: [email protected]
Support: [email protected]

Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.