Exam MD-102 All QuestionsBrowse all questions from this exam
Go to Exam
Question 60

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.

You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.

Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you create and assign a device restrictions profile.

Does this meet the goal?

    Correct Answer: B

    The proposed solution does not meet the goal. Setting up a six-digit PIN for Windows 10 devices in an Azure AD tenant requires configuring the Windows Hello for Business settings. The solution mentioned involves configuring automatic mobile device management (MDM) enrollment and creating a device restrictions profile from the Microsoft Intune admin center. However, device restrictions in Intune primarily manage password policies, not specific PIN configurations. To ensure users are prompted to set up a six-digit PIN, the correct approach is to configure the Windows Hello for Business settings in Intune.

Discussion
MR_EliotOption: B

Answer is NO. In device restriction policy, you can only configure password policy. There is nothing about the pin settings. For pin settins, you will need to configure Windows hello for Business.

letters1234Option: B

Correct, would need to be Enroll Devices \ Windows Enrollment \ Windows Hello for Business \ Minimum PIN Length. Or possibly a Device Configuration Policy.

Futfuyfyjfj

You are right it can be achieved with a WHfB config, but you can do it with a device restriction as well: https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#password

BJS78

Wrong. You can set PIN for iOS/Android, but for Windows only the password (not the PIN) can be controlled via Device restrictions.

Futfuyfyjfj

I guess you didn’t read the article nor you checked Intune itself? Article says: Required password type: Choose the type of password. Your options: Not configured: Intune doesn't change or update this setting. By default, the OS might allow the password to include numbers and letters. Alphanumeric: Password must be a mix of numbers and letters. Numeric: Password must only be numbers. So numeric is a PIN……

sbermejor

Password and pin are different, regardless a password contains only numbers it´s still a password. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password

MerrybobOption: B

B. No You'd need a Windows Hello for Business config profile. https://learn.microsoft.com/en-us/mem/intune/protect/windows-hello#:~:text=In%20the%20Anniversary%20Update%2C%20these%20two%20PINS%20were%20merged%20into%20one%20single%20device%20PIN.%20Any%20Intune%20configuration%20policies%20you%20set%20to%20control%20the%20device%20PIN%2C%20and%20additionally%2C%20any%20Windows%20Hello%20for%20Business%20policies%20you%20configured%2C%20now%20both%20set%20this%20new%20PIN%20value.

madsaOption: B

This answer is wrong as to perform this action via Intune you need "Device Configuration Profiles - Identity protection", that is the way I have it setup for the company I work for. So correct answer is No.

frack

device configuration profile not restriction profile, correct. I agree, the answer is No.

suresh08Option: A

Yes, we can achieve it from device restriction.

iTomi

NO! Intune > Devices > Configuration profiles > Create > New Policy > Windows 10 or later > Settings Catalog > Create > Windows Hello for Business.

veliyathOption: B

The device restrictions profile in Intune primarily manages password policies and does not include specific settings for PIN configuration. For configuring PIN settings, you need to use Windows Hello for Business policies. Therefore, the correct answer is: B. No

yosryOption: B

No the answer is B

iTomiOption: B

NO! Intune > Devices > Configuration profiles > Create > New Policy > Windows 10 or later > Settings Catalog > Create > Windows Hello for Business.

NoursBearOption: A

I also agree A yes is correct

NoursBear

Nope.. the correct way is in question 61. So this is a No now

KrayzrOption: B

This is what Bing AI provided. After further research, I found that to ensure users are prompted to set up a six-digit PIN when they join the Windows 10 devices to contoso.com, you need to configure the PIN complexity settings in the Intune policy1. Here are the steps to do it: Sign in to the Microsoft Intune admin center. Go to Devices > Enroll devices > Windows enrollment > Windows Hello for Business. The Windows Hello for Business pane opens. Select from the following options for Configure Windows Hello for Business: Enabled. Select this setting if you want to configure Windows Hello for Business settings. When you select Enabled, other settings for Windows Hello are visible and can be configured for devices1. The default PIN length is six characters, but you can enforce a minimum length of four characters. The maximum PIN length is 127 characters. So, you can set the minimum length to six characters to ensure a six-digit PIN.

Krayzr

Correction, Question says Intune admin center. Answer "A"

sbermejorOption: B

I think answer is B. In device restriction profile you can configure password not pin. You can force the password to be only numbers but it's still a pin as it's not the same. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password

fco168Option: B

Technically, the answer is B. Because creating a Restrictions Profile does not meet the end. You can create an empty Restrictions profile and assign it or configure it for something else.

benpattoOption: A

MDM Enrollment allows for Intune to then take over, which would allow for device config or even windows enrollment.

Suresh_2411Option: A

should be Yes