ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 77 discussion

Actual exam question from Microsoft's SC-300
Question #: 77
Topic #: 2
[All SC-300 Questions]

You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a Microsoft SharePoint Online site named Site1.

The subscription contains the devices shown in the following table.



The users sign in to the devices as shown in the following table.



You have a Conditional Access policy that has the following settings:

• Name: CA1
• Assignments
o Users and groups: User1, User2, User3
o Cloud apps or actions: SharePoint - Site1
• Access controls
o Session: Use app enforced restrictions

From the SharePoint admin center, you configure Access control for unmanaged devices to allow limited, web-only access.

Which users will have full access to Site1?

  • A. User1 only
  • B. User2 only
  • C. User3only
  • D. User1 and User2 only
  • E. User1, User2, and User3
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Intrudire at Oct. 18, 2023, 9:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
vaaws
Highly Voted 1 year, 9 months ago
The users who will have full access to Site1 are User1 and User2 only. The Conditional Access policy is configured to include User1, User2, and User3, but the Access control for unmanaged devices in the SharePoint admin center allows only limited, web-only access. Therefore, only User1 and User2, who sign in from managed devices, will have full access to Site1. The correct answer is D. User1 and User2 only.
upvoted 22 times
Oskarma
6 months, 1 week ago
I think vaaws is right. A managed device can be registered of joined, and in the question is not said anything about compliant or not.
upvoted 4 times
...
...
jlbrandes
Highly Voted 1 year, 9 months ago
Selected Answer: A
Only Joined devices are managed. https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide&tabs=Managed
upvoted 17 times
Phil_79
1 month, 3 weeks ago
Android devices managed by Intune are Registered. Joined is only for Windows Device. Here we have a compliance status for the registered device and the compliance is only evaluated by Intune... so the device in managed.
upvoted 1 times
...
armid
6 months ago
nope. The article you linked says this (and check the second bullet point/paragraph) For their part in protecting managed devices, users can: Use the Microsoft Authenticator app to sign in. The Microsoft Authenticator app works with all accounts that use multi-factor authentication (MFA). To learn more, see Download and install the Microsoft Authenticator app. Join their devices to your organization's network. Users can follow a process to register their device, set up MFA, and complete the sign-in process using their account. To learn more, see Join your work device to your work or school network. Make sure antivirus/antimalware software is installed and up to date on all devices. Once devices are onboarded, antivirus, antimalware, and other threat protection capabilities are configured for those devices. Users are prompted to install updates as they come in. To learn more, see See Keep your PC up to date.
upvoted 1 times
csi_2025
5 months, 2 weeks ago
Its been a while since I did this but if you follow the link in the segment you mean it shows instructions which joins your device, not register it. Secondly we don't have information if the Device2 is company or privately owned since you can add register private devices too so I would default and say that Device2 is a private device and therefore does not get full access.
upvoted 1 times
...
...
...
krzkrzkra
Most Recent 3 weeks, 4 days ago
Selected Answer: B
B. User2 only
upvoted 1 times
...
Shaon
1 month, 3 weeks ago
Selected Answer: D
User 1 and User 2 can access Site 1 as their devices are managed by the org
upvoted 1 times
...
csi_2025
5 months, 2 weeks ago
Selected Answer: A
Tbh we are not given enough information. According to this https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices devices which are not hybrid AD joined or not compliant in Intune are declared unmanaged. We know its a joined device but not a hybrid AD joined one -> we could assume that any type of joined device would be allowed We know that the devices are (not) compliant but we don't know if they use Intune, the compliance state could be from Entra ID. Therefore I stay with A unless someone can proof otherwise.
upvoted 1 times
...
YesPlease
5 months, 3 weeks ago
Selected Answer: A
Answer a) User1 will get FULL ACCESS "Use app enforced restrictions" limits access on UNMANAGED devices. Just cause Device1 is "noncompliant" doesn't mean that they are being blocked from accessing the SharePoint site. Device2 and Device3 are not managed devices and will not be able to get full access to the site.
upvoted 1 times
...
59e8fdb
5 months, 3 weeks ago
Selected Answer: B
Given answer is correct. Only compliant device/Entra joined device. Not compliant devices are considered unmanaged devices!
upvoted 1 times
...
Frank9020
6 months, 3 weeks ago
Selected Answer: B
Only User2 is using a device that meets the conditions for full access (Azure AD registered and compliant). Both User1 and User3 are restricted to web-only access because their devices are either noncompliant or unmanaged.
upvoted 3 times
...
Grg433
7 months ago
Selected Answer: B
User Analysis: User1 (using Device1, non-compliant): Since the device is Azure AD joined but non-compliant, it is considered unmanaged. Therefore, User1 will have limited, web-only access to Site1. User2 (using Device2, compliant): The device is Azure AD registered and compliant, which qualifies it as a managed device. Thus, User2 will have full access to Site1. User3 (using Device3, not Azure AD joined, compliance not applicable): Since the device is not Azure AD joined and compliance is not applicable, it is considered unmanaged. Therefore, User3 will have limited, web-only access to Site1. Conclusion: Only User2 will have full access to Site1 because they are using a compliant, Azure AD registered device.
upvoted 2 times
...
Matt19
7 months, 4 weeks ago
Selected Answer: A
Entra Joined devices are considered to be managed devices so - A
upvoted 1 times
...
Matt19
8 months ago
Selected Answer: B
B is correct, need a Joined device.
upvoted 3 times
Matt19
7 months, 3 weeks ago
correction - I meant A as option A is Entra Joined
upvoted 1 times
...
...
AleFerrillo
1 year, 3 months ago
Selected Answer: B
The key here is the compliancy status. "you can block or limit access to SharePoint and OneDrive content from unmanaged devices (those not hybrid AD joined or compliant in Intune)" so any compliant device is considered Managed and any non-compliant is considered Unmanaged.
upvoted 8 times
...
bpaccount
1 year, 3 months ago
Selected Answer: B
I thinks its B also.
upvoted 5 times
...
KRISTINMERIEANN
1 year, 4 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide&tabs=Managed
upvoted 1 times
...
HartMS
1 year, 4 months ago
Option B: User2 Only User 1 will have full access. Since this policy restricts the access for unmanaged devices. Joined = Managed Registered = Unmanaged The compliance does not matter since "Device requires to be marked as Compliant" is not a criteria here.
upvoted 3 times
HartMS
1 year, 4 months ago
Correcting myself: Option A: User 1 Only
upvoted 3 times
...
...
belyo
1 year, 5 months ago
Selected Answer: B
User1 is using Device1, which is joined but non-compliant. Since the device is non-compliant, User1 will have limited, web-only access to Site1 due to the SharePoint Access control settings.
upvoted 5 times
...
Ody
1 year, 5 months ago
Gotta love Micrsoft exams. This implies none of them have access. As a SharePoint Administrator or Global Administrator in Microsoft 365, you can block or limit access to SharePoint and OneDrive content from unmanaged devices (those not hybrid AD joined or compliant in Intune). https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel