Exam MS-102 All QuestionsBrowse all questions from this exam
Go to Exam
Question 186

DRAG DROP

-

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You need to onboard the devices to Microsoft Defender for Endpoint. The solution must minimize administrative effort.

What should you use to onboard each type of device? To answer, drag the appropriate onboarding methods to the correct device types. Each onboarding method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
aleksdj

I don`t understand how someone can agree with the given answer. Do your study before you post something. Integration with Microsoft Defender for Cloud is designed for Windows Servers and has nothing to do with BYOD. First answer = Intune Second answer = Local Script Remember this: Devices enrolled = Intune Devices not enrolled = Local Script

KerrAvon

There are 25 BYOD - local script is limited to 10 devices

oopspruu

The local script is "advised" to be used only upto 10 devices because it has different parameters and meant to be for testing only. There is nothing stopping you from running it on 25 devices.

blairskimo

Thats the answere I was gonna give . There is hope for me yet :P

NrdAlrt

I disagree specifically with BYOD answer provided. The question is how do you extend Defender for Endpoint to these these BYOD devices. Since they are not enrolled, you have no control over them. Defender for Cloud Apps is a CASB. I don't see how people walking around with BYOD PC's would be accessing anything through a CASB service and it's not endpoint protection. I found this: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-for-byod-devices/m-p/2488318 A locally executed script is your only option here. VDI would work if these users were forced to use VDI's from their BYOD devices, but it's not as straight forward an answer to the question.

Barachan

It seems both Intune https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment

gomezmax

To me it is: Intune In both I use it in my environment I have policy to corporate devices and another policy to BYOD

Murad01

I would say: 1. Intune 2. Local Script

BJS78

For the ppl suggesting Intune for BYOD+Defender: It IS possible, BUT the devices needs to be managed by Intune, which is maybe you want to do or not (license costs, etc). All based on the company policy. Looking to the scenario described, the BYOD devices are NOT managed, so Intune for them is out of scope.

Jamesat

Surely the answer is Intune and Intune. Local Script is support for up to 10 devices. Group Policy is out. But if you are using Intune for MDM you are likely also using it for MAM on the BYOD. However you can't enforce a required app for BYOD only make it available so maybe the given answer is correct? Some of these questions are just confusing.

SabicomSistemi

chatgpt question: You need to onboard DEVICE A and DEVICE B to Microsoft Defender for Endpoint. The solution must minimize administrative effort. DEVICE A Type: Corporate Operating system: Windows 11 Enrollment status: Azure AD-joined, Microsoft Intune-managed DEVICE B Type:Bring your own device (BYOD) Operating system: Windows 11 Enrollment status: Unmanaged What should you use to onboard each type of device? A local script Group Policy Integration with Microsoft Defender for Cloud Microsoft Intune Virtual Desktop Infrastructure (VDI) scripts Ther’s only one answer for DEVICE A and DEVICE B The answer of chatgpt: To onboard DEVICE A, which is a Corporate device running Windows 11 and is Azure AD-joined and Microsoft Intune-managed, you can use Microsoft Intune to onboard the device to Microsoft Defender for Endpoint 12. To onboard DEVICE B, which is a Bring your own device (BYOD) running Windows 11 and is unmanaged, you can use Integration with Microsoft Defender for Cloud to onboard the device to Microsoft Defender for Endpoint 13. Using Microsoft Intune for DEVICE A and Integration with Microsoft Defender for Cloud for DEVICE B will minimize administrative effort 1.

Bouncy

ChatGPT in its current state - old data, no Internet access - is not exactly a great companion for Azure-related tasks. Don't trust it and please don't post its answers..

Jamesat

People should stop posting Chat GPT answers as they are often wrong or just waffle. Please stop posting this as it is not helpful at all.

Iali11

I'd go with 1. Intune 2. local script https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide

m2L

According to the below link, You can also manually onboard individual devices to Defender for Endpoint by using a local script. I think that individual Device means BYOD. Therefore answers are: Local Script Microsoft Intune https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide

gomezmax

I do Agree with aleksdj The First Answer should be Intune and the second Should be Intune

862e76c

Agree with the answer

Casticod

Correct https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/unmanaged-device-protection-capabilities-are-now-generally/ba-p/2463796