Exam MD-102 topic 1 question 106 discussion

I would say the answer is YYY. Third one is not intune joined, so compliance policy does not apply. Anyway, I still say device is compliant. I have not found a single compliant device in my test tenant. They were either n/a or not compliant.

I think the key is with Device 3 is "monitoring", Device 3 can't report back if not enrolled according to this: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor If I understand right. It seems the device needs to be enrolled anyway, according to some other article too. Device 3 should be No I think

I would say YYY the last question is tricky as it says not compliant

Answers are correct folks, this is why....first two we agree on, third is stated as not compliant, answering no= compliant for the default settings of devices not enrolled in intune with no device compliance policy applied. So....actually these are correct.

YYY - comp1-compliant -grace period, -comp2 - compliant-FW enabled and Bit locker enabled Comp3-not compliant, not entra joined and FW is disabled

This a tricky question when it comes to the evaluation of device 2. There's two types of compliance in devices in the Intune portal, one being the Intune compliance and the other one being the Entra ID compliance. Device 2 will meet the compliance requirements for Intune compliance, but not the Entra ID compliance because it is registered and not in a Joined/Hybrid state.

resposta correta

Answer from ChatGPT: If a device is only registered with Azure AD but not enrolled in Intune, it does not have to comply with Intune compliance policies. Compliance policies in Intune are used to set rules for devices managed with Intune1. However, there is a setting in Intune’s compliance policy settings that determines how Intune treats devices that haven’t been assigned a device compliance policy. This setting has two values1: Compliant (default): Devices that aren’t sent a device compliance policy are considered compliant. Not compliant: Devices that haven’t received a device compliance policy are considered noncompliant. So, if you want to apply a compliance policy from Intune to a device, it needs to be enrolled in Intune. It does not matter if the device is Azure AD registered or joined as long as the device is enrolled in Intune2

Y,Y,Y to me. Computer 1 is in a grace period because policy 1 applies to it and it does not have bitlocker activated. Computer 2 is compliant because policy 1 applies to it and bitlocker is activated. Computer 3 is not compliance (SO THE ANSWER IS Y) because policy 2 applies to it and firewall is disabled.

amckinson_Android_10/16/2023_4:38 PM Intune Personal Noncompliant Android (device administrator) 9.0 [email protected] 29/11/2023, 04:29 Microsoft Entra registered anutbrown_Android_3/15/2023_1:34 PM Intune Personal In grace period Android (device administrator) 13.0 [email protected] 08/11/2023, 15:06 Microsoft Entra registered The answer is Yes Yes Yes, if you can put a device in a group you can apply a compliance policy.

Computer 3 is not enrolled in Intune, therefore it can't receive the compliance policies. It may be registered in Azure AD but Intune ultimately is what plays the role here.

I have a question... IF computer 3 is not registered (or joined), how does it belong to group 3) Beyond this joke, the answers seem to be correct Computer 1 is in a grace period because policy 1 applies to it and it does not have bitlocker activated. Team 2 is compliance because pass the policy1. Team 3 is not compliance because it does not belong to the Azure Ad in question

Device must be joined to AAD and/or registered in Intune to receive compliance policy. Usually: AADJ: Corporate device, AADR: private device (does not apply with this question)

No Yes Yes Looks like is wrong, correct me.

should be Y,Y,Y ? no ?