Microsoft MD-101 Managing Modern Desktops Online Training
Microsoft MD-101 Online Training
The questions for MD-101 were last updated at Dec 20,2024.
- Exam Code: MD-101
- Exam Name: Managing Modern Desktops
- Certification Provider: Microsoft
- Latest update: Dec 20,2024
You have a Microsoft 365 E5 subscription.
You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.
What should you select in the Microsoft Endpoint Manager admin center?
- A . Apps. and then Monitor
- B . Devices, and then Monitor
- C . Reports, and the Device compliance
A
Explanation:
App report: You can search by platform and app, and then this report will provide two different app protection statuses that you can select before generating the report. The statuses can be Protected or Unprotected.
Reference: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-monitor
You have a Microsoft 365 subscription that uses Microsoft Intune.
You need to ensure that you can deploy apps to Android Enterprise devices.
What should you do first?
- A . Create a configuration profile.
- B . Link your managed Google Play account to intune.
- C . Configure the Partner device management settings.
- D . Add a certificate connector.
B
Explanation:
Connect your Intune account to your Managed Google Play account.
Managed Google Play is Google’s enterprise app store and sole source of applications for Android Enterprise in Intune. You can use Intune to orchestrate app deployment through Managed Google Play for any Android Enterprise scenario (including personally-owned work profile, dedicated, fully managed, and corporate-owned work profile enrollments).
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-android-for-work
https://docs.microsoft.com/en-us/mem/intune/enrollment/connect-intune-android-enterprise
You have a Microsoft 365 subscription.
You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).
You plan to replace the computers with new computers that run Windows 10. The new computers will be
joined to Azure AD.
You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.
What should you use?
- A . Folder Redirection
- B . The Microsoft SharePoint Migration Tool
- C . Enterprise State Roaming
- D . Roaming user profiles
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-windows-settingsreference
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-faqs
HOTSPOT
You have the MDM Security Baseline profile shown in the MDM exhibit. (Click the MDM tab.)
You have the ASR Endpoint Security profile shown in the ASR exhibit. (Click the ASR tab.)
You plan to deploy both profiles to devices enrolled in Microsoft Intune.
You need to identify how the following settings will be configured on the devices:
✑ Block Office applications from creating executable content
✑ Block Win32 API calls from Office macro
Currently, the settings are disabled locally on each device.
What are the effective settings on the devices? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Audit mode
According to the ASR Endpoint Security profile and to the MDM Security Baseline profile, Block Office applications from creating executable content is set to Audit mode.
Box 2: Disable
Block Win32 API calls from Office macro: According to MDM Security Baseline profile it is set to disable. According to the ASR Endpoint Security profile it is set to Audit mode.
The profiles are merged. The Baseline profile overrides the Endpoint Security profile.
Note:
When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
Attack surface reduction rule merge behavior is as follows:
Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline > Attack Surface Reduction Rules.
MDM Security Baseline profile ASR Endpoint Security profile.
Your company has several Windows 10 devices that are enrolled in Microsoft Inline.
You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup.
You need to enroll Computer1 in Intune.
Solution: From Computer1, you sign in to https://portal.manage.microsoft.com and use the Devices tab.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Use MDM enrolment.
MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
Reference: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
You are creating a device configuration profile in Microsoft Intune.
You need to configure specific OMA-URI settings in the profile.
Which profile type should you use?
- A . Identity protection
- B . Custom
- C . Device restrictions (Windows 10 Team)
- D . Device restrictions
B
Explanation:
Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/custom-settings-windows-10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain. The domain contains member computers that run Windows 8.1 and are enrolled in Microsoft Intune.
You need to identify which computers can be upgraded to Windows 10.
Solution: From Windows on the Devices blade of the Microsoft Endpoint Manager admin center, you create a filter and export the results as a CSV file.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
You save a provisioning package named Package1 to a folder named C:Folder1.
You need to apply Package1 to Computer1.
Solution: From File Explorer, you go to C:Folder1, and then you double-click the Package1.ppkg file.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove a provisioning package > Add a package, and select the package to install.
Reference: https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains 500 computers that run Windows 7. Some of the computers are used by multiple users.
You plan to refresh the operating system of the computers to Windows 10.
You need to retain the personalization settings to applications before you refresh the computers. The solution must minimize network bandwidth and network storage space.
Which command should you run on the computer? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax#how-to-use-ui-and-ue
Your company has an internal portal that uses a URL of http://contoso.com.
The network contains computers that run Windows 10. The default browser on all the computers is Microsoft Edge.
You need to ensure that all users only use Internet Explorer to connect to the internal portal. The solution must ensure that Microsoft Edge can be used to connect to all other websites.
What should you do from each computer?
- A . From Internet Explorer, configure the Compatibility View settings
- B . From the local policy, configure Enterprise Mode
- C . From Microsoft Edge, configure the Advanced Site Settings
- D . From the Settings app, configure the default web browser settings
B
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility