Your company uses Microsoft Intune to manage devices.
You need to ensure that only Android devices that use Android work profiles can enroll in Intune.
Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To ensure that only Android devices that use Android work profiles can enroll in Intune, two configurations must be set in the device enrollment restrictions. First, you need to block Android device administrator Personally Owned devices. This prevents any Android device that doesn't use work profiles from enrolling. Second, you must allow Android Enterprise (work profile) devices to ensure that only those devices using work profiles are permitted to enroll. These configurations together will ensure that only Android devices with work profiles can enroll in Intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
In groups where both Android platforms are allowed, devices that support work profile will enroll with a work profile. Devices that don't support work profile will enroll on the Android device administrator platform. Neither work profile nor device administrator enrollment will work until you complete all prerequisites for Android enrollment.
why is it D?
Because Android Device Admin may not enroll at all so when blocking Android Device Admin unter the platform setting, the personally owned device is greyed out automatically so you don't set the "block" there
BD agreed. Also device administrator will be out of support by Microsof very soon.
Answers are 100% correct
To ensure that only Android devices using Android work profiles can enroll in Intune, you should: D. From Platform Settings, set Android device administrator to Block. B. From Platform Settings, set Android Enterprise (work profile) to Allow. This configuration ensures that only devices using Android work profiles can enroll while blocking other Android devices managed by the older device administrator method.
you can control which devices are allowed to enroll by setting device enrollment restrictions. To ensure that only Android devices that use Android work profiles can enroll in Intune, you should: Block Android device administrator Personally Owned devices: This prevents Android devices that are not using work profiles from enrolling. Allow Android Enterprise (work profile) devices: This allows Android devices that are using work profiles to enrol. A and B are the right answers.
Ther's is no "androind Personally owned" option, only Work profile and Admin
BD Ref for D: https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#blocking-personal-android-devices