Exam MS-101 topic 3 question 49 discussion

Yes,yes,no

Box 1: Yes. User1 is in a group Group1, so policy1 applies. Policy1 excludes compliant devices and device1 is compliant. Therefore Policy1 does not apply. User1 can access App1 from Device1. Box 2: Yes. User2 is in Group1 so Policy1 applies first. Policy1 excludes compliant devices and Device1 is compliant. Therefore, Policy1 does not apply so we move on to Policy2. User2 is also in Group2. Policy2 excludes Group2. Therefore, Policy2 does not apply so we move on to Policy3. Policy3 applies to Group1 so Policy3 applies to User2. Policy3 applies to ‘All device states’ so Policy3 applies to Device1. Policy3 grants access. Therefore, User2 can access App1 using Device1. Box 3: No. User2 is in Group1 so Policy1 applies. Policy1 excludes compliant devices but Devices is non-compliant. Therefore, User2 cannot access App1 from Device2. Note that the in Exam 100, User1 is a member of compliant group. In Exam 101, User1 is a member of Group1. However Box1 will remain yes in both cases

It's No, Yes, No Block will always win from Grant!

N Y N Exclude overrides Include Block overrides Grant No - User 1 will be blocked by Policy 2 Yes - Device 1 is excluded from Policy 1 so not blocked. Group 2 is excluded from Policy 2 so not blocked. User 2 is member of Group 1 as well so Policy 3 grants access No - User 2 on a non compliant device is blocked by Policy 1

i say n y n https://danielchronlund.com/2018/11/23/how-multiple-conditional-access-policies-are-applied/

100% Y / Y / N !!!

Yes,Yes,No appears to make the most sense.

I'm going with NNN, based upon the following deduction: Firstly, CA policies aren’t applied in any particular order. All policies apply and only the resultant matching controls are used. Additionally, with CA, Block always wins over Grant. And I believe on top of that, Exclusion always wins over Inclusion. User 1, Device 1 - ultimately Policy 2's criteria is met, so answer No User 2, Device 1 - ultimately Policy 2's criteria is met, so answer No User 2, Device 2 - ultimately Policy 1's criteria is met, so answer No

No (blocked from Policy1) Yes (Policy1 excluded, Policy2 excluded, Policy3 Grant access) No (Blocked by Policy1)

No, No, No, answer is correct. I really do not understand how everyone is confused with the policies. There is no ranking in CA policies and every policy applies, also for user2 who gets blocked.

NO,No,No Block access overrides Grant access

General consensus is No, Yes, No. Admin please update answer.

Guys, i researched this question a lot. It may seems same as the question in MS-100: https://www.examtopics.com/discussions/microsoft/view/9613-exam-ms-100-topic-3-question-1-discussion/ But it's not the same question! Be careful, there's different group name for User1. In the MS-100 question User1 is member of group "Compliant" and in our question (MS-101) User1 is member of "Group1". So this is why answers are different too! In the MS-100 it's Y, Y, N. But correct answer for our question (MS-101) is N, Y, N because Policy2 will apply to User1!

agree with Goseu N,Y,N Group 1 policy 1 device is compliant -> so excempt from block access. Policy 2 any state -> block access so box 1 = NO

CA policies aren’t applied in any particular order. All matching policys apply and the resulting access controls required by the policies will be merged! If both grant and block policies match, block will always win. No exceptions! Therefore, answer provided should be correct! both users belong to Group 1, and policy 2 blocks access.

Correct Answer is No,No,No. People forget that User 2 belongs to group1 as well. So What rules applies to User1 same rule applies to user2.

NYN Policy1: Ensures that device must be compliant, if the device is not compliant, the device will be blocked. Policy2: Excludes wins Includes and hence User 2 should be excluded for policy 2. User1 would be included which is block access. Policy3: Users who are in Group 1 will be granted access if Policy1 and 2 does not apply to them. Note: All policies of CA are applicable because there is no priority. N: User1 is blocked by policy2. Y: User2 is excluded from policy2 and granted access by policy3 and device is compliant and so excluded from policy1. N: Device2 is not compliant so blocked by Policy1.