You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do?
A.
Run the Set-AadrmOnboardingControlPolicy cmdlet.
B.
Run the Add-AadrmRoleBasedAdministrator cmdlet.
C.
Create an Azure Information Protection policy.
D.
Configure the protection activation status for Azure Information Protection.
Think it's A..but that command is deprecated.. The Set-AipServiceOnboardingControlPolicy cmdlet sets the policy that controls user on-boarding for Azure Information Protection. This cmdlet supports a gradual deployment by controlling which users in your organization can protect content by using Azure Information Protection.
The Set-AadrmOnboardingControlPolicy cmdlet sets the policy that controls user on-boarding for Azure Rights Management. This cmdlet supports a gradual deployment by controlling which users in your organization can protect content by using Azure Rights Management.
https://learn.microsoft.com/en-us/powershell/module/aadrm/set-aadrmonboardingcontrolpolicy?view=azureipps#description
The Set-AipServiceOnboardingControlPolicy cmdlet sets the policy that controls user on-boarding for Azure Information Protection. This cmdlet supports a gradual deployment by controlling which users in your organization can protect content by using Azure Information Protection.
https://learn.microsoft.com/en-us/powershell/module/aipservice/set-aipserviceonboardingcontrolpolicy?view=azureipps
The option for Set-AadrmOnboardingControlPolicy should be renamed to Set-AipServiceOnboardingControlPolicy in this question. Azure Rights Mgmt is deprecated, so AIP command should be the option.
A user scope is not set during the creation of the label, but during it's publication. So C is not an option.
Also, this question is about which users can use WIP AT ALL, not who can use a specific label.
That makes A the only viable answer. (Ok, the cmd has been updated to Set-AipServiceOnboardingControlPolicy, but it used to be A. :-)
Correct Answer is C... The question says "you plan to enable" this means you havent implemented yet th AIP...therefor correct answer is C you first create an AIP
This cmdlet from the AADRM module is now deprecated (as of 2020) and has been replaced with Set-AipServiceOnboardingControlPolicy.
https://docs.microsoft.com/en-us/powershell/module/aadrm/set-aadrmonboardingcontrolpolicy?view=azureipps#description
In terms of this specific question, the answer is:
A - Run the Set-AadrmOnboardingControlPolicy cmdlet.
Just be aware of the new cmdlet.
The Set-AipServiceOnboardingControlPolicy cmdlet sets the policy that controls user on-boarding for Azure Information Protection. This cmdlet supports a gradual deployment by controlling which users in your organization can protect content by using Azure Information Protection.
First hand experience with this, the answer is A because it allows only PILOT users to use it, all others won't be able to encrypt anything. If you did C, it would allow them to create custom restrictions because AIP will be enabled for everyone even if you don't create a policy.
A IS Correct "This cmdlet from the AADRM module is now deprecated. After July 15, 2020, this cmdlet name will be supported only as an alias to its replacement in the AIPService module."
https://docs.microsoft.com/en-us/powershell/module/aadrm/set-aadrmonboardingcontrolpolicy?view=azureipps
The question says "members of a group named PilotUsers can protect content". It doesn't say you protect a group. It says a group can change the protection status.
If "https://docs.microsoft.com/en-gb/archive/blogs/kemckinn/creating-labels-for-azure-information-protection" is checked, the section "Select the protection action type" may have the answer.
I think the answer C is correct
C: By creating the policy you are protecting everyone. The only way to restrict to certain users is to use the powershell. https://docs.microsoft.com/en-us/azure/information-protection/activate-service#configuring-onboarding-controls-for-a-phased-deployment
Answer is A although the command is deprecated.
This section is not available anymore. Please use the main Exam Page.MS-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Davood
Highly Voted 4 years agoPersonT
Highly Voted 4 years, 1 month agoNitishKarmakar
Most Recent 1 year, 7 months agoNitishKarmakar
1 year, 7 months agoACTOSA
2 years, 1 month agoJakub2023
1 year, 11 months agoDidi1405
2 years, 4 months agoJamesM9
3 years, 1 month agojunjig
3 years, 1 month agoTashaGirl
3 years, 2 months agoCsed
3 years, 3 months agoedzio
3 years, 4 months agous3r
3 years, 5 months agojohn69
3 years, 5 months agoJVGT
3 years, 5 months agoPankajKumarji
3 years, 7 months agokarank19
3 years, 7 months agodonathon
3 years, 11 months agoAnoniMouse
3 years, 11 months agoTimurKazan
3 years, 4 months ago