ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 3 question 23 discussion

Actual exam question from Microsoft's MS-500
Question #: 23
Topic #: 3
[All MS-500 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription.
From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1.
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-conditional-access
by PeterC at March 13, 2021, 11:37 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Joshing
Highly Voted 3 years, 10 months ago
Correct answer for 1 is Users and Groups, Cloud Apps, Session. You then configure a new OwaMailboxPolicy and then set the ConditionalAccessPolicy setting with either ReadOnly or the ReadOnly and blocking attachments. You can then assign the policy to individual mailboxes. Documentation: https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069
upvoted 20 times
hyve
3 years, 7 months ago
Correct 100%
upvoted 3 times
...
cld475
2 years, 6 months ago
That's not correct for 1. You configure it in Conditions and there under "Filter for devices". Here you can setup the "non compliance devices" filter.
upvoted 2 times
...
...
kiketxu
Highly Voted 4 years, 3 months ago
I would say both are correct. Look at this article: https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069 Also you can find there the old thread discussion: https://www.examtopics.com/discussions/microsoft/view/6139-exam-ms-500-topic-3-question-8-discussion/
upvoted 10 times
ellik
4 years, 1 month ago
yes , the cmdlet is Set-OwaMailboxPolicy. That cmdlet contains the parameter ConditionalAccessPolicy.
upvoted 1 times
...
maxsh3
3 years, 1 month ago
in the link you provides ,it states it should be session settings not conditions
upvoted 1 times
...
...
ysm
Most Recent 2 years, 2 months ago
answer is correct: conditions => filter for devices => query => is compliant
upvoted 1 times
...
AmplifiedStitches
2 years, 2 months ago
Answer is correct, looks like you have to configure this from both the graphical Azure AD site as well as from PowerShell. 1. New-OwaMailboxPolicy -Name PolicyName 2. Set-OwaMailboxPolicy -Name PolicyName -ConditionalAccessPolicy [ReadOnly | ReadOnlyPlusAttachmentsBlocked] References: - https://learn.microsoft.com/en-us/powershell/module/exchange/set-owamailboxpolicy?source=recommendations&view=exchange-ps - https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069#:~:text=Steps%20to%20Configuring%20Conditional%20Access%20%2F%20Limited%20Access,your%20existing%20one%20Set-OwaMailboxPolicy%20-Identity%20Default%20-ConditionalAccessPolicy%20ReadOnly
upvoted 1 times
...
preeya
2 years, 10 months ago
answer mentioned here is correct, passed on exam july 27,2022
upvoted 4 times
...
Jhill777
3 years, 3 months ago
You don't need to set anything under conditions since the location is "all locations". Need to set "App based restrictions" under session. Set "Require device to be compliant" under "Grant". Asshole question.
upvoted 4 times
Jhill777
3 years, 3 months ago
I'm wrong...and right. You need to "Filter for Devices" under conditions and set is compliant to false. So both contains and session are required.
upvoted 3 times
Jhill777
3 years, 3 months ago
Conditions and Session
upvoted 3 times
...
...
...
DashRyde
3 years, 3 months ago
For the first question I think it should be (Session and condition) since ( Session = app enforced restriction ) << which is one of the requirement in the question also (Condition = To filter the non-compliant devices) correct me if am wrong
upvoted 3 times
...
mbecile
3 years, 5 months ago
Given answers are correct, as itbrpl pointed out. You need to restrict activity via a conditional access policy for Group1 (Users & Groups) when using Exchange Online (Cloud Apps) dependent on their location (Condition).
upvoted 1 times
...
itbrpl
3 years, 5 months ago
Look... based on the scenario.. you need to block a group, for a given app and in any location... so it means Users and Groups (Group1), Cloud Apps (Exchange Online) and Condition (Location).. you don't need to set anything under Session...
upvoted 3 times
...
mkoprivnj
3 years, 6 months ago
Users and Groups, Cloud Apps, Session Set-OwaMailboxPolicy
upvoted 3 times
...
Fearless90
3 years, 6 months ago
Microsoft 365 Security Administration: MS-500 Exam Guide Peter Rising Page 66 to Page 69 From the Azure portal, create a conditional access policy and configure: - Users and groups, Cloud apps, and Conditions settings (Correct) Users and Groups to target -> Group 1 Cloud Apps to select -> Exchange Online Conditions to target -> Non-compliant devices
upvoted 4 times
...
Rstilekar
3 years, 6 months ago
First one should be Users and Groups, Cloud Apps, Session (You don't need to specify any conditions. It also says you need to enforce App Enforced Restrictions which is an option you can select in Session.) Second one is correct. (the cmdlet is Set-OwaMailboxPolicy. That cmdlet contains the parameter ConditionalAccessPolicy.) ((Use the Set-OwaMailboxPolicy cmdlet to configure existing Outlook on the web mailbox policies.)) https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069
upvoted 1 times
...
EzeQ
3 years, 10 months ago
This question made me wonder, how in CA I can enforce the app enforced restrictions *ONLY* to non compliant devices? Can you help me on this?
upvoted 2 times
...
james1
4 years ago
This is not possible with the given answers, not anymore atleast since targeting of non-compliant devices has moved to Conditions (Now in Preview) Users and Groups to target -> Group 1 Cloud Apps to select -> Exchange Online Conditions to target -> Non-compliant devices Session to apply -> app-enforced restrictions
upvoted 6 times
...
ZakS
4 years ago
First one should be Users and Groups, Cloud Apps, Session Second one is correct. https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069
upvoted 4 times
...
averyfree
4 years, 1 month ago
Answer A is wrong. You don't need to specify any conditions. It also says you need to enforce App Enforced Restrictions which is an option you can select in Session. Correct answer is Users and Groups, Cloud Apps, Session
upvoted 4 times
...
TimurKazan
4 years, 1 month ago
Actually, this should be - Users and groups - Cloud Apps - Conditions - Session but there is no such answer
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel