Exam MD-102 topic 1 question 291 discussion

Actual exam question from Microsoft's MD-102
Question #: 291
Topic #: 1

HOTSPOT

You have a Microsoft 365 E5 subscription and use Microsoft Intune. The subscription contains a Microsoft Entra tenant that syncs with an on-premises Active Directory Domain Services (AD DS) domain. The tenant has Windows Local Administrator Password Solution (Windows LAPS) enabled.

You have the Windows devices shown in the following table.



You have an Endpoint security policy that is configured as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

batang_aratan
Highly Voted 5 months ago
NYN - LAPS is supported on Microsoft Entra joined or Microsoft Entra hybrid joined devices only. Microsoft Entra registered devices aren't supported. https://learn.microsoft.com/en-us/entra/identity/devices/howto-manage-local-admin-passwords#required-roles-or-permission
upvoted 9 times
Besxp
1 week, 1 day ago
NYN:

✅ Device1:
- Joined to on-premises AD DS domain (purely domain joined).
- Not Entra joined / Entra hybrid joined.
- Policy's backup directory is set to Azure AD only, but Device1 is not connected to Entra ID.
- LAPS can’t back up the password to Azure AD → so reset will not happen correctly.
- According to docs: for backing up to Azure AD, device must be Entra joined or Entra hybrid joined. Pure AD DS joined devices without Entra hybrid join cannot back up passwords to Entra ID.

✅ Device2:
- Entra hybrid joined + enrolled in Intune.
- Meets the requirements.
- Policy set to backup password to Azure AD → works. Password will be reset every 30 days, and recoverable from Microsoft Entra ID.

✅ Device3:
- Entra joined, but not enrolled in Intune.
- Policy is delivered via Intune.
- Device is not managed by Intune → policy will not apply. So, password will not be reset every 30 days.
upvoted 1 times
tonyyang1091
Highly Voted 9 months, 1 week ago
Answers are correct.
Device 1: Yes. Enrolled in Intune. Password will not back up, but reset will still apply.
Device 2: Yes. Backup is set to Azure AD.
Device 3: No. Entra joined and not enrolled in Intune = Windows LAPS has to be set up manually.
upvoted 6 times
Meek_Learner
5 months, 2 weeks ago
The local administrator password of Device1 will be reset every 30 days = No Reason: Device1 is joined to the AD DS domain (simple words; Domain joined) and enrolled in Intune, but it is not Microsoft Entra joined, or hybrid joined. The Endpoint security policy (Policy1) is configured to back up the password to "Azure AD only" (Microsoft Entra ID). However, since Device1 is not connected to Microsoft Entra ID, it cannot store its local administrator password there.
upvoted 2 times
Meek_Learner
5 months, 2 weeks ago
While the policy will apply to Device1 due to its Intune enrolment, the password reset mechanism won't function correctly because of the mismatch between the device's join state and the backup directory setting. The policy requires Azure AD (Microsoft Entra ID) for password backup, which is not available for a purely AD DS domain-joined device. Therefore, the local administrator password of Device1 will not be reset every 30 days as intended by the policy. The LAPS functionality will be incomplete for this device due to the inability to back up the password to the specified location.
upvoted 1 times
examprepboy
2 weeks, 6 days ago
That makes no sense. If your device is AD joined and enrolled into Intune it means the device has an Entra join type of Hybrid. Meaning the device will get LAPS.
upvoted 1 times
cd2cfde
2 weeks, 2 days ago
Device 1 is domain joined, not Microsoft Entra ID joined, so it doesn’t apply. Even if a device is domain joined and enrolled into Intune, it doesn’t automatically mean it’s hybrid joined.
upvoted 2 times
Besxp
1 week, 1 day ago
In short Meek_Learner & cd2cfde are correct on this one.
upvoted 1 times
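The thread turns on which join state a device is really in, which `dsregcmd /status` reports directly. The following is an added example, not part of the original question or any comment: it classifies the join state from that output and flags whether it is one of the two states the Microsoft Learn page linked above lists as supported for Windows LAPS with Microsoft Entra ID (joined or hybrid joined). `Get-JoinState` is a hypothetical helper name and the sample text is constructed; the check covers only the join-state prerequisite, not Intune enrollment or policy delivery.

```powershell
# Added example. Get-JoinState is a hypothetical helper, not a built-in cmdlet.
function Get-JoinState {
    param([string]$StatusText)

    # Pull the three join flags out of "Name : YES|NO" lines.
    $flags = @{}
    foreach ($line in ($StatusText -split '\r?\n')) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }

    # A flag missing from the text is treated as NO.
    if ($flags['AzureAdJoined'] -and $flags['DomainJoined']) {
        $state = 'Microsoft Entra hybrid joined'
    } elseif ($flags['AzureAdJoined']) {
        $state = 'Microsoft Entra joined'
    } elseif ($flags['DomainJoined']) {
        $state = 'AD DS domain joined only'
    } elseif ($flags['WorkplaceJoined']) {
        $state = 'Microsoft Entra registered'
    } else {
        $state = 'Not joined'
    }

    [pscustomobject]@{
        JoinState            = $state
        # Entra ID backup is supported only for joined and hybrid joined devices.
        EntraBackupSupported = ($state -in @('Microsoft Entra joined', 'Microsoft Entra hybrid joined'))
    }
}

# Constructed excerpts in the shape of `dsregcmd /status` output (not real captures).
$samples = [ordered]@{
    'domain joined only' = "AzureAdJoined : NO`nDomainJoined : YES`nWorkplaceJoined : NO"
    'hybrid joined'      = "AzureAdJoined : YES`nDomainJoined : YES`nWorkplaceJoined : NO"
    'Entra joined'       = "AzureAdJoined : YES`nDomainJoined : NO`nWorkplaceJoined : NO"
    'Entra registered'   = "AzureAdJoined : NO`nDomainJoined : NO`nWorkplaceJoined : YES"
}

foreach ($name in $samples.Keys) {
    Get-JoinState -StatusText $samples[$name] |
        Select-Object @{ n = 'Sample'; e = { $name } }, JoinState, EntraBackupSupported
}
```

On a live device, pass the real output with `Get-JoinState -StatusText (dsregcmd /status | Out-String)`.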