MS-102 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-102 Exam - Question 186

DRAG DROP

-

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You need to onboard the devices to Microsoft Defender for Endpoint. The solution must minimize administrative effort.

What should you use to onboard each type of device? To answer, drag the appropriate onboarding methods to the correct device types. Each onboarding method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

13 comments
Sign in to comment
aleksdj
Dec 1, 2023

I don`t understand how someone can agree with the given answer. Do your study before you post something. Integration with Microsoft Defender for Cloud is designed for Windows Servers and has nothing to do with BYOD. First answer = Intune Second answer = Local Script Remember this: Devices enrolled = Intune Devices not enrolled = Local Script

KerrAvon
Feb 27, 2024

There are 25 BYOD - local script is limited to 10 devices

oopspruu
Apr 26, 2024

The local script is "advised" to be used only upto 10 devices because it has different parameters and meant to be for testing only. There is nothing stopping you from running it on 25 devices.

blairskimo
Jul 18, 2024

Thats the answere I was gonna give . There is hope for me yet :P

NrdAlrt
Nov 10, 2023

I disagree specifically with BYOD answer provided. The question is how do you extend Defender for Endpoint to these these BYOD devices. Since they are not enrolled, you have no control over them. Defender for Cloud Apps is a CASB. I don't see how people walking around with BYOD PC's would be accessing anything through a CASB service and it's not endpoint protection. I found this: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-for-byod-devices/m-p/2488318 A locally executed script is your only option here. VDI would work if these users were forced to use VDI's from their BYOD devices, but it's not as straight forward an answer to the question.

gomezmax
Dec 19, 2023

To me it is: Intune In both I use it in my environment I have policy to corporate devices and another policy to BYOD

Barachan
Jun 8, 2024

It seems both Intune https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment

Casticod
Sep 6, 2023

Correct https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/unmanaged-device-protection-capabilities-are-now-generally/ba-p/2463796

862e76c
Sep 20, 2023

Agree with the answer

gomezmax
Dec 12, 2023

I do Agree with aleksdj The First Answer should be Intune and the second Should be Intune

m2L
Dec 22, 2023

According to the below link, You can also manually onboard individual devices to Defender for Endpoint by using a local script. I think that individual Device means BYOD. Therefore answers are: Local Script Microsoft Intune https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide

Iali11
Dec 29, 2023

I'd go with 1. Intune 2. local script https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide

SabicomSistemi
Jan 12, 2024

chatgpt question: You need to onboard DEVICE A and DEVICE B to Microsoft Defender for Endpoint. The solution must minimize administrative effort. DEVICE A Type: Corporate Operating system: Windows 11 Enrollment status: Azure AD-joined, Microsoft Intune-managed DEVICE B Type:Bring your own device (BYOD) Operating system: Windows 11 Enrollment status: Unmanaged What should you use to onboard each type of device? A local script Group Policy Integration with Microsoft Defender for Cloud Microsoft Intune Virtual Desktop Infrastructure (VDI) scripts Ther’s only one answer for DEVICE A and DEVICE B The answer of chatgpt: To onboard DEVICE A, which is a Corporate device running Windows 11 and is Azure AD-joined and Microsoft Intune-managed, you can use Microsoft Intune to onboard the device to Microsoft Defender for Endpoint 12. To onboard DEVICE B, which is a Bring your own device (BYOD) running Windows 11 and is unmanaged, you can use Integration with Microsoft Defender for Cloud to onboard the device to Microsoft Defender for Endpoint 13. Using Microsoft Intune for DEVICE A and Integration with Microsoft Defender for Cloud for DEVICE B will minimize administrative effort 1.

Bouncy
Feb 20, 2024

ChatGPT in its current state - old data, no Internet access - is not exactly a great companion for Azure-related tasks. Don't trust it and please don't post its answers..

Jamesat
Apr 29, 2024

People should stop posting Chat GPT answers as they are often wrong or just waffle. Please stop posting this as it is not helpful at all.

Jamesat
Apr 29, 2024

Surely the answer is Intune and Intune. Local Script is support for up to 10 devices. Group Policy is out. But if you are using Intune for MDM you are likely also using it for MAM on the BYOD. However you can't enforce a required app for BYOD only make it available so maybe the given answer is correct? Some of these questions are just confusing.

BJS78
May 24, 2024

For the ppl suggesting Intune for BYOD+Defender: It IS possible, BUT the devices needs to be managed by Intune, which is maybe you want to do or not (license costs, etc). All based on the company policy. Looking to the scenario described, the BYOD devices are NOT managed, so Intune for them is out of scope.

Murad01
Jul 10, 2024

I would say: 1. Intune 2. Local Script