Exam MD-102 topic 1 question 267 discussion

In similar previous questions, the keyword was 'tamper.' Now I've learned the steps necessary to apply tamper protection... thanks to the exam topics.

The correct answer is B. From the Microsoft Intune admin center, create an antivirus policy. Here’s the reasoning: Microsoft Defender for Endpoint is an antivirus solution, and its settings can be managed through an antivirus policy in Microsoft Intune. This includes settings that prevent users from disabling the antivirus. Therefore, creating an antivirus policy in the Microsoft Intune admin center would be the appropriate action to take. Option A, creating a security baseline, is not the best choice because security baselines are predefined sets of recommended security settings that might not cover the specific requirement of preventing users from disabling Microsoft Defender for Endpoint. Option C, creating a Conditional Access policy in the Microsoft Entra admin center, is not applicable because Conditional Access policies are used to enforce access controls based on conditions, not to manage antivirus settings. Option D, creating a device compliance policy, is also not the best choice because device compliance policies are used to determine whether a device is compliant with the organization’s rules, not to manage antivirus settings.

To prevent users from disabling Microsoft Defender for Endpoint on Windows 11 computers managed through Microsoft Intune, you should create an antivirus policy from the Microsoft Intune admin center. Antivirus policies in Intune allow administrators to enforce Microsoft Defender security settings, ensuring that users cannot disable key protection features. The antivirus policy will include settings to: Enable Tamper Protection, preventing users from modifying security settings. Ensure real-time protection remains enabled. Configure attack surface reduction rules to enhance endpoint security. By using an antivirus policy, you can enforce and maintain Microsoft Defender for Endpoint configurations effectively across your organization's devices.

I checked it

B is correct

B is correct answer

B should be correct based on: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide#:~:text=In%20the%20Intune%20admin%20center%2C%20go,Deploy%20the%20policy%20to%20devices.

To prevent users from disabling Microsoft Defender for Endpoint on the Windows 11 computers enrolled in Microsoft Intune, you should: A. From the Microsoft Intune admin center, create a security baseline. Security baselines in Microsoft Intune provide a set of pre-configured Windows settings and recommended configurations to help secure your devices. By creating a security baseline, you can enforce specific security settings, including those related to Microsoft Defender for Endpoint. This ensures that the recommended security configurations are applied to the Windows 11 computers, and users are prevented from disabling Microsoft Defender for Endpoint. Option B (creating an antivirus policy) might be related to specific settings for Microsoft Defender Antivirus, but using a security baseline is a more comprehensive approach. Options C (Conditional Access policy) and D (device compliance policy) are typically used for access control and compliance checks but may not specifically address the prevention of users disabling Microsoft Defender for Endpoint.

Could be B, isn't it?