Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You implement hybrid Azure AD and Microsoft Intune.
You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.
What should you use?
To automatically register all existing computers to Azure AD and enroll them in Intune with minimal administrative effort, you should use a Group Policy object (GPO). A GPO can enable automatic MDM enrollment using default Azure AD credentials and configure the MDM user scope. This allows for centralized management and streamlined deployment without the need for individual configuration on each device. Autodiscover address records and service connection points are related to Exchange and not relevant here, while Windows Autopilot is more suited for new device setups rather than existing ones.
B. a Group Policy object (GPO) https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
It is a trick question because least administrative is Windows Autopilot which would reset the devices. If resetting the device is a concern then it would GPO. Hopefully the exam isn't as vague as this question is
Agreed
Correct answer is C. Key is lease administrative effort!!! https://youtu.be/Q15ZXyvzQfs?si=8Am2s2H-qN2TtvLa
Answer is C!
ChatGPT: To automatically register all existing computers to Azure AD and enroll them in Intune with minimal administrative effort, you should use **Windows Autopilot deployment profile** (option D). Autopilot allows you to pre-register devices with Azure AD and enroll them in Intune as part of the out-of-box experience for end-users. This helps streamline the deployment process and reduces the need for manual intervention.
ChatGPT is lost in the answer, instead of just copy paste ChatGPT's answer, I recommend you analyze it a little bit more the answer before publishing it here, This kind of answer just adds noise to people you are trying to add value why the answer.
The answer is B. a Group Policy object (GPO).
Here's why: GPOs are the most efficient way to automate registration and enrollment for existing devices in a hybrid Azure AD environment. They allow you to apply settings to a large number of devices centrally, minimizing the administrative effort involved. Here's how it works: Create a GPO: Use the Group Policy Management Console (GPMC) to create a new GPO that targets the computers you want to enroll. Enable automatic MDM enrollment: Within the GPO, enable the policy setting for "Enable automatic MDM enrollment using default Azure AD credentials." Configure MDM user scope: Specify whether the enrollment applies to all users or a specific group of users. Apply the GPO: Link the GPO to the appropriate Active Directory organizational unit (OU) to apply it to the targeted computers.
Once the GPO is applied, computers will automatically register with Azure AD and enroll in Intune when users sign in with their Azure AD credentials. Why the other options are not suitable: Autodiscover address record and Autodiscover service connection point (SCP): These are used for discovering Exchange server settings in Outlook clients, not for device registration or enrollment. Windows Autopilot deployment profile: This is used for streamlining the setup of new devices, not for managing existing devices.
B is correct
B IS CORRECT
B IS CORRECT
Optin: D
Group policy Object
GPO and Autopilot both can do it, but as we migrate prod devices, it is quite possible we don't want to reset the devices, so this way "B" is better.
the GPO policy can hybrid join existing devices to Intune without resetting. That has been the standard practice when you want to go from fully on-prem to Intune managed.
B. a Group Policy object (GPO). You can create and deploy a Group Policy object (GPO) that configures the devices for hybrid Azure AD join and Intune enrollment. This GPO can include settings such as enabling hybrid Azure AD join and configuring automatic enrollment in Intune. Once applied, the GPO will automatically register all existing computers to Azure AD and enroll them in Intune, ensuring they are properly managed without requiring manual intervention on each device.
B. a Group Policy object (GPO) Correct
I think SCP is most simple way.I have experience configuring it. https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join The second method is GPO. Used when joining partial devices to Hybrid AD.
B. a Group Policy object (GPO)