Exam MS-500 topic 2 question 3 discussion

Answer is right. Device 2 is not intune managed so policy does not apply to user 2

I would say here: NO, YES, "YES". In the third, User2 w/Device2 matches with iOS Policy4 for GroupB.

I go for NYN but in different way: user1->> GRP1 : GRP1->> POL1 = POL3 is not applied user2->> GRP2 : GRP2->> POL2 = POL2 is applied user2->> GRP2 : GRP2->> POL2 = POL4 is not applied They don't ask if the devices are compliant or not but if the policies are applied or not

This question tests your understanding of app protection policies. App protection policies are applied to groups with users and not groups with devices. The device group is there as a distraction, you should only focus on the groups with users. This explains how app protection policies can protect organisation data on unmanaged/personal devices. The answer remains No Yes, No since the app protection policies are applied to the groups with the users and not groups with devices

answer is correct, the managed state bugged me: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policies?WT.mc_id=Portal-fx#target-app-protection-policies-based-on-device-management-state

Answer is: N Y N Since Policy3 applies to iOS and Device1 is a Windows 10 device Policy3 does not apply. Since User2 is a member of Group2 and Policy2 apply to Windows 10 devices, Policy2 applies to User2 on Device1. User2 isn't a member of Group2 and since you need to have users as part of the protected group Policy4 does not apply to Device2 / User2.

Can anyone tell me what's the meaning of "Apps on intuned managed devices"?

N, Y, N

https://docs.microsoft.com/en-us/mem/intune/apps/quickstart-create-assign-app-policy "App protection policies can only be applied to groups that contains users, not groups that contain devices."

given answers are correct, a device needs to be intune managed to apply to an APP

which one is correct?

Answer is correct: Yes, No, Yes.