Exam MD-102 topic 1 question 37 discussion

YNN , *** Excluded Groups *** group 2, and per Microsoft "exclusion" take precedence over "inclusion "

Y - Applies and Bitlocker enabled N - Applies and Bitlocker disabled Y - Compliance check doesn't apply Mark devices with no compliance policy assigned as: This setting determines how Intune treats devices that haven't been assigned a device compliance policy. This setting has two values: "Compliant (default): This security feature is off. Devices that aren’t sent a device compliance policy are considered compliant." https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings

Yes, NO, NO Excluded groups take precedence over included groups when applying policies. This means if a device or user is part of both an included and an excluded group, the policy will not be applied to them. https://techcommunity.microsoft.com/t5/microsoft-intune/device-in-include-and-exclude-group/td-p/1191297

To determine whether each device will have the policy assigned and be marked as compliant, let's analyze the provided information: Device1: Member of Group1 BitLocker is enabled Group1 is included in the policy assignment Not excluded Device2: Member of Group1 and Group3 BitLocker is disabled Group1 and Group3 are included in the policy assignment Not excluded Device3: Member of Group1 and Group2 BitLocker is enabled Group1 is included in the policy assignment Group2 is excluded Given these details, the answers are: Device1 will have Policy1 assigned and will be marked as compliant: Yes Device2 will have Policy1 assigned and will be marked as compliant: No (BitLocker is disabled) Device3 will have Policy1 assigned and will be marked as compliant: No (Member of excluded Group2)

the last device will be complaint because for default if no policy is assigned device is marked compliant, but the question ask if the policy will be assigned and it will be marked complaint, so the final answer is NO, due it will be marked complaint but because NO POLICY will be assigned

Answers are correct

I think answers are correct Y - Applies and Bitlocker enabled N - Applies and Bitlocker disabled N - Least rights count for Group2 because its excluded from the policy. So marked as NON compliant immediately.

Even though the option says policy is assigned to the device3 it won't apply to it as exclusion takes precedence and eventually makes the device compliant, because in case of not applicable or targeted, Intune marks it as compliant. This helps avoid unnecessarily marking devices non-compliant due to missing policies that don't apply to them

You can't really know if the given answer is correct, this is purely based on your default Compliane Policy Settings, if no changes have been made, Device3 will be marked compliant.

I dont understand the answers here. It should be NNN ??? When the policy is applied the device will be set as non-compliant. So every answer will be no??

Correct

Y, N, N Device1 group1 enabled bitlocker device2 group1 & 3 disabled bitlocker device3 group1 & 2 enabled bitlocker bitlocker: require include group1 & group3 exclude group2

YNN Device 1: Already have bitlocker enabled. Device 2: Didnt have bitlocker enabled Device 3: Configured on excluded group therefor policy will not apply

Yes No Yes I agree with letters, for otherwise the question would have to state that devices with no policy aren't compliant.

Yes,No,No correct answ, took the exam today and all the points from the question.

Yes No No

Y - policy assigned and compliant N - policy assigned and not compliant N - policy not assigned N