MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics

- Expert Verified, Online, Free.
Get PDF for Microsoft MD-102 Exam

Including Answers & Discussions
Download PDF - $29.99
 Custom View Settings

Topic 1 - Exam A
Question #1 Topic 1
HOTSPOT -
Case study -
Overview -
ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.
Environment -
Network Environment -
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.
ADatum has a hybrid Azure AD tenant named adatum.com.
Users and Groups -
The adatum.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices -
ADatum has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Intune Configuration -
Microsoft Intune has the compliance policies shown in the following table.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA -
MAM user scope: GroupB -
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1 -
Folder protection: Enable -
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
Included groups: Group2, GroupB -
Windows Autopilot Configuration -
ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Windows Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements -
Planned Changes -
ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary configuration profile that will have the following settings:
Name: Boundary1 -
Network boundary: 192.168.1.0/24
Scope tags: Tag1 -
Assignments:
Included groups: Group1, Group2 -
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
Name: Connection1 -
Connection name: VPN1 -
Connection type: L2TP -
Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --
Name: Connection2 -
Connection type: IKEv2 -
Assignments:
Included groups: GroupA -
Excluded groups: GroupB -
Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Question #2 Topic 1
Case study -
Overview -
Environment -
Users and Groups -
Devices -
Name: Protection1 -
Assignments:
Requirements -
Planned Changes -
Name: Boundary1 -
Scope tags: Tag1 -

Assignments:
Name: Connection1 -
Assignments:
Excluded groups: --
Name: Connection2 -
Assignments:
Which devices are registered by using the Windows Autopilot deployment service?
A. Device1 only Most Voted
B. Device3 only
C. Device1 and Device3 only
D. Device1, Device2, and Device3
Correct Answer: C
Community vote distribution

A (91%) 9%
Question #3 Topic 1
HOTSPOT -
Case study -
Overview -
Environment -
Users and Groups -
Devices -
Name: Protection1 -
Assignments:
Requirements -
Planned Changes -
Name: Boundary1 -
Scope tags: Tag1 -
Assignments:
Name: Connection1 -
Assignments:
Excluded groups: --
Name: Connection2 -
Assignments:
Correct Answer:
Question #4 Topic 1
Case study -
Overview -
Environment -
Users and Groups -
Devices -
Name: Protection1 -
Assignments:
Requirements -
Planned Changes -
Name: Boundary1 -
Scope tags: Tag1 -
Assignments:
Name: Connection1 -
Assignments:
Excluded groups: --
Name: Connection2 -
Assignments:
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?
A. Device2 only
B. Device3 only
C. Device1, Device2, and Device5 only
D. Device1, Device2, Device3, and Device4 only Most Voted
Correct Answer: B

D (96%) 4%
Question #5 Topic 1
HOTSPOT -
You have a Microsoft 365 subscription.
You use Microsoft Intune Suite to manage devices.
You have the iOS app protection policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Correct Answer:
Question #6 Topic 1
DRAG DROP -
You have a Microsoft 365 E5 subscription and a computer that runs Windows 11.
You need to create a customized installation of Microsoft 365 Apps for enterprise.
Which four actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and
arrange them in the correct order.
Correct Answer:
Question #7 Topic 1
You have devices enrolled in Microsoft Intune as shown in the following table.
On which devices can you apply app configuration policies?
A. Device2 only
B. Device1 and Device2 only
C. Device3 and Device4 only Most Voted
D. Device2, Device3, and Device4 only
E. Device1, Device2, Device3, and Device4
Correct Answer: C

C (100%)
Question #8 Topic 1
HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.
All devices contain an app named App1 and are enrolled in Microsoft Intune.
You need to prevent users from copying data from App1 and pasting the data into other apps.
Which type of policy and how many policies should you create in Intune? To answer, select the appropriate options in the answer area.
Correct Answer:
Question #9 Topic 1
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.
From the Intune admin center, you create and deploy two Windows app (Win32) apps.
You need to ensure that App1 is installed before App2 on every device.
What should you configure?
A. the App1 deployment configurations
B. a dynamic device group
C. a detection rule
D. the App2 deployment configurations Most Voted
Correct Answer: C

D (97%)
Question #10 Topic 1
You have a Microsoft Intune subscription.
You have devices enrolled in Intune as shown in the following table.
An app named App1 is installed on each device.
What is the minimum number of app configuration policies required to manage App1?
A. 1
B. 2 Most Voted
C. 3
D. 4
E. 5
Correct Answer: B

B (79%) A (21%)
You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.
You need to deploy a custom line-of-business (LOB) app to the devices by using Intune.
Which extension should you select for the app package file?
A. .intunemac
B. .ipa Most Voted
C. .apk
D. .appx
Correct Answer: B

B (100%)
You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.
App1 must only accept modern authentication requests.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
Assignments -
Users or workload identities: User1
Cloud apps or actions: App1 -
Access controls -
Grant: Block access -
You need to block only legacy authentication requests to App1.
Which condition should you add to CAPolicy1?
A. Filter for devices
B. Device platforms
C. User risk
D. Sign-in risk
E. Client apps Most Voted
Correct Answer: E

E (100%)
HOTSPOT -
All users have Microsoft 365 apps deployed.
You need to configure Microsoft 365 apps to meet the following requirements:
Enable the automatic installation of WebView2 Runtime.
Prevent users from submitting feedback.
Which two settings should you configure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.
Correct Answer:
You have a Microsoft 365 subscription.
You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).
You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers.
What should you do?
A. From the Microsoft Intune admin center, create a Windows 10 device profile.
B. From Azure AD, add an app registration.
C. From Azure AD, add an enterprise application.
D. From the Microsoft Intune admin center, add an app. Most Voted
Correct Answer: A

D (97%)
You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days.
You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned
by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.
What should you use?
A. a Delete action Most Voted
B. a Retire action
C. a Fresh Start action
D. an Autopilot Reset action
Correct Answer: B

A (66%) B (31%)
You need to review the startup times and restart frequencies of the devices.
A. Azure Monitor
B. Intune Data Warehouse
C. Microsoft Defender for Endpoint
D. Endpoint analytics Most Voted
Correct Answer: D

D (100%)
HOTSPOT -
You have a Microsoft 365 E5 subscription.
You create a new update rings policy named Policy1 as shown in the following exhibit.

Correct Answer:
You have computers that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available
events from the Windows event logs.
The computers have the logged events shown in the following table.
Which events are collected in the Log Analytics workspace?
A. 1 only
B. 2 and 3 only
C. 1 and 3 only
D. 1, 2, and 4 only Most Voted
E. 1, 2, 3, and 4
Correct Answer: D

D (63%) E (37%)
You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is
enrolled in Microsoft Intune.
You need to configure the devices to run a single app in kiosk mode.
Which Configuration settings should you modify in the device restrictions profile?
A. Users and Accounts
B. General
C. System security
D. Device experience Most Voted
Correct Answer: D

D (100%)
You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize
administrative effort.
What should you do?
A. Onboard the macOS devices to the Microsoft Purview compliance portal.
B. From the Microsoft Intune admin center, create a security baseline.
C. Install Defender for Endpoint on the macOS devices.
D. From the Microsoft Intune admin center, create a configuration profile. Most Voted
Correct Answer: C

D (62%) C (38%)
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.
You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative
effort.
Which two actions should you perform? Each correct answer presents part of the solution.
A. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the Windows Defender Antivirus settings.
B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings.
C. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings.
D. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings. Most Voted
E. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings. Most Voted
F. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced
Security.
Correct Answer: CE

DE (61%) BC (20%) Other
You have an Azure AD group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2.
You create a device configuration profile named Profile1. You assign Profile1 to Group1.
You need to ensure that Profile1 applies to Device1 only.
What should you modify in Profile1?
A. Assignments Most Voted
B. Settings
C. Scope (Tags)
D. Applicability Rules
Correct Answer: C

A (76%) 13% 11%
DRAG DROP -
You have a Microsoft 365 subscription that includes Microsoft Intune.
You need to implement a Microsoft Defender for Endpoint solution that meets the following requirements:
Enforces compliance for Defender for Endpoint by using Conditional Access
Prevents suspicious scripts from running on devices
What should you configure? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct Answer:
Your network contains an on-premises Active Directory domain and an Azure AD tenant.
The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.
You need to migrate the existing Default Domain Policy GPO settings to a device configuration profile.
Which device configuration profile type template should you use?
A. Administrative Templates
B. Endpoint protection
C. Device restrictions Most Voted
D. Custom
Correct Answer: C

C (66%) D (18%) A (16%)
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution.
A. failure events from the Security log
B. the list of processes and their execution times Most Voted
C. the average processor utilization Most Voted Most Voted
D. error events from the System log Most Voted Most Voted
E. third-party application logs stored as text files Most Voted
Correct Answer: CDE

BCD (38%) CDE (38%) ACE (15%) 8%
You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to onboard the devices to Microsoft Defender for Endpoint.
What should you create in the Microsoft Intune admin center?
A. an attack surface reduction (ASR) policy
B. a security baseline
C. an endpoint detection and response (EDR) policy Most Voted
D. an account protection policy
E. an antivirus policy
Correct Answer: C

C (87%) 13%
Your company uses Microsoft Intune to manage devices.
You need to ensure that only Android devices that use Android work profiles can enroll in Intune.
Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.
A. From Platform Settings, set Android device administrator Personally Owned to Block.
B. From Platform Settings, set Android Enterprise (work profile) to Allow. Most Voted
C. From Platform Settings, set Android device administrator Personally Owned to Allow.
D. From Platform Settings, set Android device administrator to Block. Most Voted
Correct Answer: BD

BD (100%)
HOTSPOT -
You have the device configuration profile shown in the following exhibit.
Correct Answer:
HOTSPOT -
You have 100 Windows 10 devices enrolled in Microsoft Intune.
You need to configure the devices to retrieve Windows updates from the internet and from other computers on a local network.
Which Delivery Optimization setting should you configure, and which type of Intune object should you create? To answer, select the appropriate
options in the answer area.
Correct Answer:
HOTSPOT -
You have an Azure AD tenant that contains the users shown in the following table.
You have devices enrolled in Microsoft Intune as shown in the following table.
From Intune, you create and send a custom notification named Notification1 to Group1.
Correct Answer:
You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?
A. the Company Portal app
B. Endpoint analytics
C. the Azure portal app
D. Microsoft Power BI Most Voted
Correct Answer: D

D (100%)
You have a Microsoft 365 E5 subscription and 25 Apple iPads.
You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method.
What should you do first?
A. Configure an Apply MDM push certificate. Most Voted
B. Add your user account as a device enrollment manager (DEM).
C. Modify the enrollment restrictions.
D. Upload a file that has the device identifiers for each iPad.
Correct Answer: A

A (100%)
HOTSPOT -
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Azure AD.
The computers have different update settings, and some computers are configured for manual updates.
You need to configure Windows Update. The solution must meet the following requirements:
The configuration must be managed from a central location.
Internet traffic must be minimized.
Costs must be minimized.
How should you configure Windows Update? To answer, select the appropriate options in the answer area.
Correct Answer:
You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft
Intune.
You need to configure Delivery Optimization on the devices to meet the following requirements:
Allow downloads from the internet and from other computers on the local network.
Limit the percentage of used bandwidth to 50.
A. a configuration profile Most Voted
B. a Windows Update for Business Group Policy setting
C. a Microsoft Peer-to-Peer Networking Services Group Policy setting
D. an Update ring for Windows 10 and later profile
Correct Answer: C

A (100%)
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows
10.
You have the groups shown in the following table.
Which groups can you add to Group4?
A. Group2 only Most Voted
B. Group1 and Group2 only
C. Group2 and Group3 only Most Voted
D. Group1, Group2, and Group3
Correct Answer: D

A (71%) C (21%) 8%
DRAG DROP -
You have a Microsoft 365 subscription. The subscription contains computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to create a compliance policy that meets the following requirements:
Requires BitLocker Drive Encryption (BitLocker) on each device
Requires a minimum operating system version
Which setting of the compliance policy should you configure for each requirement? To answer, drag the appropriate settings to the correct
requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
Correct Answer:
HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You have the Windows 11 devices shown in the following table.
You deploy the device compliance policy shown in the exhibit. (Click the Exhibit tab.)
Correct Answer:
DRAG DROP -
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to ensure that only devices running trusted firmware or operating system builds can access network resources.
Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each
setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct Answer:
DRAG DROP -
You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.
You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
Correct Answer:
DRAG DROP -
You have a computer that runs Windows 10 and contains two local users named User1 and User2.
You need to ensure that the users can perform the following actions:
User1 must be able to adjust the date and time.
User2 must be able to clear Windows logs.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct Answer:
HOTSPOT -
You have an Azure AD tenant named contoso.com.
You have the devices shown in the following table.
Which devices can be Azure AD joined, and which devices can be registered in contoso.com? To answer, select the appropriate options in the
answer area.
Correct Answer:
HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup and has the local users shown in the following table.
UserA joins Computer1 to Azure AD by using user1@contoso.com.
Correct Answer:
Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10.
You enable Windows PowerShell remoting on the computers.
You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least
privilege.
To which group should you add Admin1?
A. Access Control Assistance Operators
B. Remote Desktop Users
C. Power Users
D. Remote Management Users Most Voted
Correct Answer: B

D (97%)
HOTSPOT -
You have a Microsoft Intune subscription.
You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit. Profile1 will be deployed to Windows
10 devices.

Correct Answer:
HOTSPOT -
You have a server named Server1 and computers that run Windows 10. Server1 has the Microsoft Deployment Toolkit (MDT) installed.
You plan to upgrade the Windows 10 computers to Windows 11 by using the MDT deployment wizard.
You need create a deployment share on Server1.
What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the
appropriate options in the answer area.
Correct Answer:
DRAG DROP -
You have a Microsoft Deployment Toolkit (MDT) server named MDT1.
When computers start from the LiteTouchPE_x64.iso image and connect to MDT1, the welcome screen appears as shown in the following exhibit.
You need to prevent the welcome screen from appearing when the computers connect to MDT1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and
Correct Answer:
You use Windows Admin Center to remotely administer computers that run Windows 10.
When connecting to Windows Admin Center, you receive the message shown in the following exhibit.
You need to prevent the message from appearing when you connect to Windows Admin Center.
To which certificate store should you import the certificate?
A. Client Authentication Issuers
B. Personal
C. Trusted Root Certification Authorities Most Voted
Correct Answer: C

C (100%)
HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.
Contoso.com contains the Azure AD groups shown in the following table.
You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit.

Correct Answer:
HOTSPOT -
Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 11.
You need to configure the Remote Desktop settings of all the computers. The solution must meet the following requirements:
Prevent the sharing of clipboard contents.
Ensure that users authenticate by using Network Level Authentication (NLA).
Which two nodes of the Group Policy Management Editor should you use? To answer, select the appropriate nodes in the answer area.
Correct Answer:
HOTSPOT -
Azure AD joined Windows devices enroll automatically in Intune.
You have the devices shown in the following table.
You are preparing to upgrade the devices to Windows11. All the devices are compatible with Windows 11.
You need to evaluate Windows Autopilot and in-place upgrade as deployment methods to implement Windows 11 Pro on the devices, while
retaining all user settings and applications.
Which devices can be upgraded by using each method? To answer, select the appropriate options in the answer area.
Correct Answer:
Next Questions 
Get IT Certification
Unlock free, top-quality video courses on ExamTopics with a simple

registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!
Start Learning for free

MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics

Uploaded by

Copyright:

Available Formats

MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MD-102 Exam - Free Actual Q&as, Page 1 - ExamTopics

Uploaded by

Copyright:

Available Formats

- Expert Verified, Online, Free.

Get PDF for Microsoft MD-102 Exam

Download PDF - $29.99

 Custom View Settings

ADatum has a Microsoft 365 E5 subscription.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are configured as shown in the following table.

Microsoft Intune Configuration -

MDM user scope: GroupA -

MAM user scope: GroupB -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe

List of additional folders that need to be protected: D:\Folder1

Included groups: Group2, GroupB -

Windows Autopilot Configuration -

The Intune connector for Active Directory is installed on Server1.

ADatum plans to implement the following changes:

Network boundary: 192.168.1.0/24

Scope tags: Tag1 -

Connection name: VPN1 -

Connection type: L2TP -

Included groups: Group1, Group2, GroupA

Connection name: VPN2 -

Connection type: IKEv2 -

Included groups: GroupA -

Excluded groups: GroupB -

ADatum must meet the following technical requirements:

Users in GroupA must be able to deploy new computers.

Administrative effort must be minimized.

NOTE: Each correct selection is worth one point.

ADatum has a Microsoft 365 E5 subscription.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.

ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are configured as shown in the following table.

Microsoft Intune Configuration -

MDM user scope: GroupA -

MAM user scope: GroupB -

Folder protection: Enable -

List of apps that have access to protected folders: C:\*\AppA.exe

List of additional folders that need to be protected: D:\Folder1

Included groups: Group2, GroupB -

Windows Autopilot Configuration -

The Intune connector for Active Directory is installed on Server1.

ADatum plans to implement the following changes:

Network boundary: 192.168.1.0/24

Scope tags: Tag1 -

Included groups: Group1, Group2 -

Connection name: VPN1 -

Connection type: L2TP -

Included groups: Group1, Group2, GroupA

Connection name: VPN2 -

Connection type: IKEv2 -