Question 6 of 449

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure pilot co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You unjoin Device1 from the Active Directory domain.

Does this meet the goal?

    Correct Answer: B

    To manage Device1 using both Microsoft Intune and Configuration Manager, the device must be co-managed. Co-management requires the device to be joined to Azure AD or hybrid Azure AD, and managed by Configuration Manager. Unjoining the device from Active Directory would remove it from the domain, thereby making it unmanaged by both Configuration Manager and Intune. Thus, unjoining Device1 from the Active Directory domain does not meet the goal of enabling management by both systems.

Question 7 of 449

HOTSPOT -

Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You use Microsoft Endpoint Configuration Manager for device management.

You have the Windows 10 devices shown in the following table.

You configure Endpoint Configuration Manager co-management as follows:

✑ Automatic enrollment in Intune: Pilot

✑ Pilot collection for all workloads: Collection2

You configure co-management workloads as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

Question 8 of 449

HOTSPOT -

You have three devices enrolled in Microsoft Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

Question 9 of 449

You have Windows 10 Pro devices that are joined to an Active Directory domain.

You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise.

You are evaluating whether to deploy Windows Hello for Business.

What are two prerequisites of the deployment? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

    Correct Answer: B, D

    To deploy Windows Hello for Business on Windows 10 Enterprise devices in an Active Directory domain, the prerequisites are having Microsoft Azure Active Directory (Azure AD) and TPM-enabled devices. Azure AD is necessary because Windows Hello for Business is designed to work with Azure AD for identity protection and authentication. TPM (Trusted Platform Module) is required to securely store and protect cryptographic keys, which is crucial for the security features provided by Windows Hello for Business.

Question 10 of 449

You have a Microsoft 365 tenant.

All users are assigned the Enterprise Mobility + Security license.

You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically.

What should you configure?

    Correct Answer: D

    To ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically, you should configure the MDM User scope from the Azure Active Directory admin center. This setting allows you to specify which users' devices should be automatically enrolled in Microsoft Endpoint Manager when they join Azure AD. The other options do not directly address the automatic enrollment of devices upon joining Azure AD.