HOTSPOT -
You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback
You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Endpoint Manager.
You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network.
What should you do first?
To create a conditional access policy in Azure AD that restricts VPN connections to compliant Windows 10 devices, the initial step is to create a certificate. This certificate is essential for ensuring secure VPN connections and establishing the necessary conditions for access through Azure AD. It allows Azure AD to manage and enforce the compliance status of the devices that are attempting to connect via VPN. Configuring the authentication methods or application proxy is not directly related to setting up a conditional access policy for compliant VPN access. Additionally, creating a Dynamic Access Control policy in the Active Directory Administrative Center pertains to on-premises resources and is not relevant to Azure AD's conditional access policies.
You have a Microsoft 365 subscription.
From the Microsoft 365 admin center, you create a new user.
You plan to assign the Reports reader role to the user.
You need to view the permissions of the Reports reader role.
Which admin center should you use?
To view the permissions of the Reports reader role in a Microsoft 365 subscription, the appropriate admin center to use is Azure Active Directory. Azure Active Directory is the service that manages identity and access control, including detailed role definitions and permissions for various roles within Microsoft 365. While the Microsoft 365 admin center can show assigned roles, Azure Active Directory provides detailed information and management capabilities for roles and their specific permissions.
You have a Microsoft 365 E5 subscription.
You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions.
What should you use to achieve the goal?
To ensure that users assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions, you should use Microsoft Azure Active Directory (Azure AD) Privileged Identity Management. This is because Privileged Identity Management allows you to configure just-in-time access for administrative roles, enforce MFA for role activation, and set role assignment to be time-limited, thus meeting the requirements mentioned.
Your company has a Microsoft 365 subscription.
The company does not permit users to enroll personal devices in mobile device management (MDM).
Users in the sales department have personal iOS devices.
You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant.
The users must be prevented from backing up the app's data to iCloud.
What should you create?
An app protection policy in Microsoft Endpoint Manager is designed to manage and protect data within apps on devices, whether they are managed through mobile device management (MDM) or not. Since the company does not permit users to enroll personal devices in MDM, using an app protection policy is the suitable approach to ensure that the Microsoft Power BI app is used securely. This policy can prevent users from backing up the app's data to iCloud, ensuring compliance with company policies while allowing access to the necessary Power BI data.