Exam MD-102 All QuestionsBrowse all questions from this exam
Go to Exam
Question 174

HOTSPOT

-

You have devices that are not rooted enrolled in Microsoft Intune as shown in the following table.

The devices are members of a group named Group1.

In Intune, you create a device compliance location that has the following configurations:

• Name: Network1

• IPv4 range: 192.168.0.0/16

In Intune, you create a device compliance policy for the Android platform. The policy has the following configurations:

• Name: Policy1

• Device health: Rooted devices: Block

• Locations: Location: Network1

• Mark device noncompliant: Immediately

• Assigned: Group1

The Intune device compliance policy has the following configurations:

• Mark devices with no compliance policy assigned as: Compliant

• Enhanced jailbreak detection: Enabled

• Compliance status validity period (days): 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
BJS78

Device1: no compliance policy --> compliant Device2: not in fencing --> non-compliant Device3: in fencing --> compliant

VirtualJP

I think YNY

fco168

Device1: Y Device2: N Device3: Y

MR_Eliot

Answer should be: YES, The policy does not apply. Default policy for devices without compliance policy is Compliant. NO: IP range doesn't match YES: IP range match

Merrybob

Yes No Yes

chandravamsi

Y,N: because device2 should follow network policy of 192.168.x.x but has 10.x.x.x,Y

Contactfornitish

There is no reason that device 3 would be non-compliant Windows device would not have any policy Device 2 would have policy but not in fencing so non-compliant

CJL324

Device1 is marked as compliant: Yes Device2 is marked as compliant: No Device3 is marked as compliant: Yes

NoursBear

I am seeing a lots of things wrong with the question and I don't know if it's because of big changes in Inune. The only place I can configure a location is under Conditional Access Named Locations, which then can be used in a condition access policy. I am not seeing anything under compliance policies I also do not see an applicability rule which can be set. Under Compliance Policies there should have been "locations" but I do not see this.

NoursBear

So now I think YNY instead of my original choice

yosry

I think people are confusing "device location compliance policy" and "Device comliance location", can't blame them the wording used in the question is very missleading. "Device location cofiguration policy" is used for "fencing" devices, and when you create it you just configure the wanted locations and then the action for non compliance. "device compliance location" i believe it means that it's a location that has been created to be used for the following compliance policy, I came to this conclusion based on two factors: 1- the configuration for the "device compliance location" is that of a simple location in intune, you create a location then give it a name and an ip range. 2- "Network1" has been used in the aplicability rule of the following policy as a location. can someone please confirm or correct me?

yosry

so based on my previous comment I believe the answer is YYY: 1- Y: device1 is a windows device so it's not targeted by policy1 2- Y: Device2 is not in the targeted location so policy1 is not applied 3- Y: Device3 is compliant with Policy1

yosry

After further research, it appears to be YNY: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#:~:text=Another%20example%20includes,as%20one%20day.

Softeng

Useful reference. I stand with YNY too.

servL

The exact text from the link that explains why Device 2 would be Not Compliant. Another example includes the use of Locations where you add at least one location to a compliance policy. In this case, the default action for noncompliance applies when you select at least one location. If the device isn't connected to any of the selected locations, it's considered not compliant. You can configure the schedule to give your users a grace period, such as one day.

OyYaGotta

yosry is correct. Everyone is saying 2 = N because it's not in the IP location of the policy. Policy is set to no compliance policy = mark as compliant. Therefore y y y

NoursBear

Took me a while but answers seem correct YYN

NoursBear

YNY actually