Exam MD-102 topic 1 question 130 discussion

While A. Microsoft Defender Exploit Guard is also available in Intune and provides features like folder protection, it does not specifically restrict write access based on a trusted list of applications—its focus is more on mitigating exploit techniques and protecting files broadly. On the other hand, MDAC is designed to explicitly control which applications are trusted to interact with specific files or folders, making it the right choice for this scenario.

We should configure Controlled Folder Access under Microsoft Defender Exploit Guard. Controlled Folder Access is a feature of Microsoft Defender for Endpoint that protects sensitive folders from unauthorized changes by malicious or untrusted applications.

Configure Controlled Folder Access: In the Endpoint protection profile, go to Microsoft Defender Exploit Guard. Under Controlled folder access, enable the setting. Specify D:\Folder1 as the folder that you want to protect. Define the list of trusted applications that are allowed to write to the folder by specifying the file paths of these apps under the Allow apps to access protected folders section.

you need to add the folder tobe protected

A is correct, trust me

Windows > Configuration > Administrative Templates > Windows Components > MS Defender AV > MS Defender Exploit Guard > Controlled Folder Access. This is why A is correct.

D Microsoft Defender Application Control (formerly known as Windows Defender Application Control) allows you to control which applications are allowed to run on your devices based on defined policies. By configuring Application Control policies in the device configuration profile, you can restrict write access to the D:\Folder1 directory to only trusted applications, thereby ensuring the security of the folder's contents.

Tested. option A

Devil is in the detail. "Managed using Intune". Microsoft Defender Application Control is set up through The defender Portal, therefor answer is A because it need sto be set up "managing" via Intune.

https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy

ChatGPT: To ensure that only a trusted list of applications is granted write access to the folder D:\Folder1 on Windows 10 computers managed by Microsoft Intune, you should configure **Microsoft Defender Application Control** (option D) in the device configuration profile. Microsoft Defender Application Control allows you to control which applications are allowed to run on the device, thereby ensuring that only trusted applications have access to the specified folder.

A. Microsoft Defender Exploit Guard This is an ASR rule which is part of Exploit Guard Ref: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide#microsoft-intune Ref: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide

Some of you are mixing up what WDAC is all about: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune Given answer A is correct

https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy#create-an-exploit-guard-policy:~:text=Controlled%20folder%20access%3A%20Configure%20blocking%20or%20auditing%2C%20and%20then%20add%20Apps%20that%20can%20bypass%20this%20policy.%20You%20can%20also%20specify%20additional%20folders%20that%20are%20not%20protected%20by%20default.

Answer is A.

Answer is A.

Answer is A: https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy You can configure and deploy Configuration Manager policies that manage all four components of Windows Defender Exploit Guard. These components include: Attack Surface Reduction Controlled folder access Exploit protection Network protection