HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You have the Windows 11 devices shown in the following table.
You deploy the device compliance policy shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
YNN , *** Excluded Groups *** group 2, and per Microsoft "exclusion" take precedence over "inclusion "
if the exclusion win the device has not compliance policy and so is compliance
the question is device 3 will have a policy assigned...so the answer is NO because of the exclusion...yes it will be excluded and marked as compliant but wont have a policy assigned...so as per the question the answer is YNN
No, that makes no sense. Exclusion policy takes precedence. Device is excluded from policy all together. If a device has no compliance policy it will be marked as NOT compliant by default.
Y - Applies and Bitlocker enabled N - Applies and Bitlocker disabled Y - Compliance check doesn't apply Mark devices with no compliance policy assigned as: This setting determines how Intune treats devices that haven't been assigned a device compliance policy. This setting has two values: "Compliant (default): This security feature is off. Devices that aren’t sent a device compliance policy are considered compliant." https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings
The third question starts with "Device 3 will have a policy assigned" and as it belongs to Group2, the policy will not be assigned to it. Therefore it is no. The correct answer would be YNN
Correct. Device 3 is in both an included and excluded group. In that case, exclusion wins. Policy will not be assigned. https://learn.microsoft.com/en-us/mem/intune/apps/apps-inc-exl-assignments
Very good point but tricky though
Device 3 is part of Group 2 "Excluded" , and per Microsoft "exclusion" take precedence over "inclusion " thus is NO not compliant
Yes but policy will be not assigned to that device. And in question you have Device3 will have "Policy Assigned" (which is no) and marked as compliant
Y - Applies and Bitlocker enabled N - Applies and Bitlocker disabled N - Applies and Bitlocker disabled
Y - policy assigned and compliant N - policy assigned and not compliant N - policy not assigned N
You can't really know if the given answer is correct, this is purely based on your default Compliane Policy Settings, if no changes have been made, Device3 will be marked compliant.
the last device will be complaint because for default if no policy is assigned device is marked compliant, but the question ask if the policy will be assigned and it will be marked complaint, so the final answer is NO, due it will be marked complaint but because NO POLICY will be assigned
Answers are correct
I think answers are correct Y - Applies and Bitlocker enabled N - Applies and Bitlocker disabled N - Least rights count for Group2 because its excluded from the policy. So marked as NON compliant immediately.
Yes No No
YNY, for Device 3, Exclude wins, although this is not conventional for Microsoft, for everything else normally the most restrictive settings wins but for compliance policies it seems.
You can’t say whether device 3 is compliant or not. No policy is assigned, so in order to tell if the device is compliant you need to be aware of the default compliance policy, which isn’t mentioned. However the question contains two components -compliance policy assigned -device is compliant First one is a No, which makes YNN
The problem with this question it's not telling us what was configured under Endpoint Security under Compliance policies | Compliance policy settings, there the following setting is as follows Mark devices with no compliance policy assigned as (compliant/not compliant). I believe the default is "compliant"
To determine whether each device will have the policy assigned and be marked as compliant, let's analyze the provided information: Device1: Member of Group1 BitLocker is enabled Group1 is included in the policy assignment Not excluded Device2: Member of Group1 and Group3 BitLocker is disabled Group1 and Group3 are included in the policy assignment Not excluded Device3: Member of Group1 and Group2 BitLocker is enabled Group1 is included in the policy assignment Group2 is excluded Given these details, the answers are: Device1 will have Policy1 assigned and will be marked as compliant: Yes Device2 will have Policy1 assigned and will be marked as compliant: No (BitLocker is disabled) Device3 will have Policy1 assigned and will be marked as compliant: No (Member of excluded Group2)
Even though the option says policy is assigned to the device3 it won't apply to it as exclusion takes precedence and eventually makes the device compliant, because in case of not applicable or targeted, Intune marks it as compliant. This helps avoid unnecessarily marking devices non-compliant due to missing policies that don't apply to them
I dont understand the answers here. It should be NNN ??? When the policy is applied the device will be set as non-compliant. So every answer will be no??
Man, i should really read better. Or not try to study when i'm tired. It is YNN
Correct
Y, N, N Device1 group1 enabled bitlocker device2 group1 & 3 disabled bitlocker device3 group1 & 2 enabled bitlocker bitlocker: require include group1 & group3 exclude group2
YNN Device 1: Already have bitlocker enabled. Device 2: Didnt have bitlocker enabled Device 3: Configured on excluded group therefor policy will not apply
Yes No Yes I agree with letters, for otherwise the question would have to state that devices with no policy aren't compliant.
Yes,No,No correct answ, took the exam today and all the points from the question.
Sure, you must be the first one that gets the score points of the questions. Do not tell usnonsense.