Microsoft MD-102 Exam Questions
Endpoint Administrator (Page 2 )

Case study

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has the users and computers shown in the following table.



The company has IT, human resources (HR), legal (LEG), marketing (MKG), and finance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.

Existing Environment

The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Entra tenant.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Configuration Manager. The mobile devices are managed by using Microsoft Intune.

The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example FIN-6785. All the computers are joined to the on-premises Active Directory domain.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.

Intune Configuration

The domain has the users shown in the following table.



User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.



The device compliance policies in Intune are configured as shown in the following table.



The device compliance policies have the assignments shown in the following table.



The device limit restrictions in Intune are configured as shown in the following table.



Requirements

Planned changes

Contoso plans to implement the following changes:
Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled



and were purchased already.
Implement co-management for the computers.



Technical Requirements

Contoso must meet the following technical requirements:

Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices



that are enrolled in Intune.
Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.



Create a provisioning package for new computers in the HR department.



Block iOS devices from sending diagnostic and usage telemetry data.



Use the principle of least privilege whenever possible.



Enable the users in the MKG department to use App1.



Pilot co-management for the IT department.

Case study

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has the users and computers shown in the following table.



The company has IT, human resources (HR), legal (LEG), marketing (MKG), and finance (FIN) departments.

Contoso recently purchased a Microsoft 365 subscription.

The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.

Existing Environment

The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Entra tenant.

All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.

The computers are managed by using Microsoft Configuration Manager. The mobile devices are managed by using Microsoft Intune.

The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example FIN-6785. All the computers are joined to the on-premises Active Directory domain.

Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.

Intune Configuration

The domain has the users shown in the following table.



User2 is a device enrollment manager (DEM) in Intune.

The devices enrolled in Intune are shown in the following table.



The device compliance policies in Intune are configured as shown in the following table.



The device compliance policies have the assignments shown in the following table.



The device limit restrictions in Intune are configured as shown in the following table.



Requirements

Planned changes

Contoso plans to implement the following changes:
Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled



and were purchased already.
Implement co-management for the computers.



Technical Requirements

Contoso must meet the following technical requirements:

Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices



that are enrolled in Intune.
Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.



Create a provisioning package for new computers in the HR department.



Block iOS devices from sending diagnostic and usage telemetry data.



Use the principle of least privilege whenever possible.



Enable the users in the MKG department to use App1.



Pilot co-management for the IT department.

Case study

Overview

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment

Network Environment

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.



ADatum has a hybrid Microsoft Entra tenant named adatum.com.

Users and Groups

The adatum.com tenant contains the users shown in the following table.



All users are assigned a Microsoft 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices

ADatum has the Windows 10 devices shown in the following table.



The Windows 10 devices are joined to Microsoft Entra and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.



All the Microsoft Entra joined devices have an executable file named C:\AppA.exe and a folder named D:
\Folder1.

Microsoft Intune Configuration

Microsoft Intune has the compliance policies shown in the following table.





The Automatic Enrollment settings have the following configurations:

MDM user scope: GroupA



MAM user scope: GroupB



You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

Name: Protection1



Folder protection: Enable



List of apps that have access to protected folders: C:\*\AppA.exe



List of additional folders that need to be protected: D:\Folder1



Assignments:



- Included groups: Group2, GroupB

Windows Autopilot Configuration

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.



Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements

Planned Changes

ADatum plans to implement the following changes:

Purchase a new Windows 10 device named Device6 and enroll the device in Intune



New computers will be deployed by using Windows Autopilot and will be hybrid Microsoft Entra joined.



Deployed a network boundary configuration profile that will have the following settings:



- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
* Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following



settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
* Included groups: Group1, Group2, GroupA
* Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
* Included groups: GroupA
* Excluded groups: GroupB

Technical Requirements

ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.



Administrative effort must be minimized.

Case study

Overview

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment

Network Environment

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.



ADatum has a hybrid Microsoft Entra tenant named adatum.com.

Users and Groups

The adatum.com tenant contains the users shown in the following table.



All users are assigned a Microsoft 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices

ADatum has the Windows 10 devices shown in the following table.



The Windows 10 devices are joined to Microsoft Entra and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.



All the Microsoft Entra joined devices have an executable file named C:\AppA.exe and a folder named D:
\Folder1.

Microsoft Intune Configuration

Microsoft Intune has the compliance policies shown in the following table.





The Automatic Enrollment settings have the following configurations:

MDM user scope: GroupA



MAM user scope: GroupB



You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

Name: Protection1



Folder protection: Enable



List of apps that have access to protected folders: C:\*\AppA.exe



List of additional folders that need to be protected: D:\Folder1



Assignments:



- Included groups: Group2, GroupB

Windows Autopilot Configuration

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.



Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements

Planned Changes

ADatum plans to implement the following changes:

Purchase a new Windows 10 device named Device6 and enroll the device in Intune



New computers will be deployed by using Windows Autopilot and will be hybrid Microsoft Entra joined.



Deployed a network boundary configuration profile that will have the following settings:



- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
* Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following



settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
* Included groups: Group1, Group2, GroupA
* Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
* Included groups: GroupA
* Excluded groups: GroupB

Technical Requirements

ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.



Administrative effort must be minimized.

Case study

Overview

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.

Environment

Network Environment

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.



ADatum has a hybrid Microsoft Entra tenant named adatum.com.

Users and Groups

The adatum.com tenant contains the users shown in the following table.



All users are assigned a Microsoft 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

Devices

ADatum has the Windows 10 devices shown in the following table.



The Windows 10 devices are joined to Microsoft Entra and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.



All the Microsoft Entra joined devices have an executable file named C:\AppA.exe and a folder named D:
\Folder1.

Microsoft Intune Configuration

Microsoft Intune has the compliance policies shown in the following table.





The Automatic Enrollment settings have the following configurations:

MDM user scope: GroupA



MAM user scope: GroupB



You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

Name: Protection1



Folder protection: Enable



List of apps that have access to protected folders: C:\*\AppA.exe



List of additional folders that need to be protected: D:\Folder1



Assignments:



- Included groups: Group2, GroupB

Windows Autopilot Configuration

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.



Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.

Requirements

Planned Changes

ADatum plans to implement the following changes:

Purchase a new Windows 10 device named Device6 and enroll the device in Intune



New computers will be deployed by using Windows Autopilot and will be hybrid Microsoft Entra joined.



Deployed a network boundary configuration profile that will have the following settings:



- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
* Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following



settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
* Included groups: Group1, Group2, GroupA
* Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
* Included groups: GroupA
* Excluded groups: GroupB

Technical Requirements

ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.



Administrative effort must be minimized.