You have a Microsoft 365 environment that contains 1,000 mailboxes. You need to ensure that only an administrator named Admin1 can use the Exchange Management Shell to manage Exchange Online settings. What should you do?
A.
For Admin1, run the Set-User cmdlet and specify the -RemotePowerShellEnabled parameter.
B.
Create a conditional access policy and apply the policy to all users.
C.
Create a conditional access policy and apply the policy to Admin1.
D.
For all users, run the Set-User cmdlet and specify the -RemotePowerShellEnabled parameter.
Found only this one:
https://docs.microsoft.com/en-us/powershell/exchange/control-remote-powershell-access-to-exchange-servers?view=exchange-ps
And according to that the answer is D.
Agreed based on above link. "By default, all user accounts have access to remote PowerShell. However, to actually use remote PowerShell to connect to an Exchange server, the user needs to be a member of a management role group, or be directly assigned a management role that enables the user to run Exchange cmdlets. For more information about role groups and management roles," So you would disable this for other users I think .
I agree with Tumbrik. The answer is D
https://docs.microsoft.com/en-us/powershell/exchange/control-remote-powershell-access-to-exchange-servers?view=exchange-ps
The answer is D as per : https://learn.microsoft.com/en-us/powershell/module/exchange/set-user?view=exchange-ps
The article says :
$true: The user has access to remote PowerShell.
$false: The user doesn't have access to remote PowerShell.
The default value depends on the management roles that are assigned to the user.
And by default any user is created has this value =true and i confirmed that from my lab, so the default action to to change it to false on all users
I like B, it's easy to create the policy. A is not correct, and D does not specify the correct True/False Parameters, nor the exclusion/inclusion of 'other' or 'not' user1 users. There is a script in the link. The general statement to create a conditional access policy is way better than a sort of correct answer with incomplete powershell parameters. It's a good question to think about!
Following link gives the answer, but it is not one of the option
https://docs.microsoft.com/en-us/powershell/module/exchange/set-clientaccessrule?view=exchange-ps
This question doesn't make sense. Remote powershell is enabled for everyone by default, but only accounts that are assigned a role group can actually run powershell cmdlets. No role group, no cmdlets. There is no answer that reflects that.
RemotePowerShellEnabled needs to have $true or $false afterward and in this case for all users needs $false but in the answers, we could not find it $false then B should be the correct answer.
https://docs.microsoft.com/en-us/powershell/exchange/control-remote-powershell-access-to-exchange-servers?view=exchange-ps
A: Incorrect because by default, all user accounts have access to remote PowerShell "https://docs.microsoft.com/en-us/powershell/exchange/control-remote-powershell-access-to-exchange-servers?view=exchange-ps#what-do-you-need-to-know-before-you-begin"
B: the most probable, search "Exchange Online PowerShell" inside "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#client-apps"
C: no restrictions apply
D: Incorrect because by default, all user accounts have access to remote PowerShell AND not mention an exception
Agree. And setting Remote PowerShell will clear the setting for existing users , not for those who will be added in the future. Conditional Access policy will ensure they wont have access as well.
All M365 users have Remote PowerShell enabled by default.
You would have to disable it for all users, then enable it for the Administrator.
Answer should be "D"
A
https://docs.microsoft.com/en-us/powershell/module/exchange/set-user?view=exchange-ps#:~:text=The%20Set-User%20cmdlet%20contains%20no%20mail-related%20properties%20for,assigned%20permissions%20before%20you%20can%20run%20this%20cmdlet.
-RemotePowerShellEnabled
The RemotePowerShellEnabled parameter specifies whether the user has access to remote PowerShell. Remote PowerShell access is required to open the Exchange Management Shell or the Exchange admin center (EAC), even if you're trying to open the Exchange Management Shell or the EAC on the local Mailbox server. Valid values are:
$true: The user has access to remote PowerShell.
$false: The user doesn't have access to remote PowerShell.
Based on the link provided by Tumbrik I think that the answer is clearly A
You just need to enable Remote Powershell for that user. And in any case the C. The others says "All users" and does not mention any "Exception" therefore does not meet the goal.
where do i find the related link to support the answer?
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.MS-203 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Tumbrik
Highly Voted 3 years, 7 months agoslimeycat
3 years, 7 months agoARYMBS
2 years, 2 months agowaseemsmr
Highly Voted 3 years, 6 months agoAmir1909
Most Recent 6 months, 2 weeks agoyaboo1617
9 months agoMeenous
1 year agoPaulie69
1 year, 6 months agoJoeGuan
1 year, 7 months agoSreeSree
2 years agoalex_p
1 year, 12 months agoSkyGurl
2 years, 2 months agowainse
2 years, 10 months agoBobalo
2 years, 10 months agoSara_Mo
3 years, 4 months agojeffangel28
3 years, 3 months agogisbern
3 years, 2 months agoStev_M
3 years, 5 months agoJfran
3 years, 5 months agoRaulchamy
3 years, 6 months agoadavydov
3 years, 6 months agoHammertime
3 years, 7 months ago