ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 3 question 49 discussion

Actual exam question from Microsoft's MD-101
Question #: 49
Topic #: 3
[All MD-101 Questions]

HOTSPOT -
You have devices that are not rooted enrolled in Microsoft Intune as shown in the following table.

The devices are members of a group named Group1.
In Intune, you create a device compliance location that has the following configurations:
✑ Name: Network1
✑ IPv4 range: 192.168.0.0/16
In Intune, you create a device compliance policy for the Android platform. The policy has the following configurations:
✑ Name: Policy1
✑ Device health: Rooted devices: Block
✑ Locations: Location: Network1
✑ Mark device noncompliant: Immediately
✑ Assigned: Group1
The Intune device compliance policy has the following configurations:
✑ Mark devices with no compliance policy assigned as: Compliant
✑ Enhanced jailbreak detection: Enabled
✑ Compliance status validity period (days): 20
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/intune/device-compliance-get-started
by Testtest123 at May 3, 2021, 7:31 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mikey82
Highly Voted 3 years, 9 months ago
D1 YES (no compliance policy applies to Windows device) D2 YES (no compliance policy applies, as the policy applies to a different subnet) D3 YES (Policy applies, but device is compliant as it is UNROOTED, and therefore will not be marked as noncompliant)
upvoted 27 times
SR1991
1 year, 12 months ago
Not Wright. It is yes, no yes. 1. Yes , no compliance policy (there is only a Android device compliance policy. So no compliance policy = compliant 2. No, ip range location is part of device compliance policy. Not in ip range so set device is not complaint. 3. Yes , unrooted and in ip range = compliant https://configmgrblog.com/2018/06/05/new-in-intune-location-based-device-compliance-for-android/
upvoted 1 times
...
Angarali
3 years, 2 months ago
The device compliance policy for the Android platform applies to Group1, which device 2 is part of. Due to device 2 not being as part of the device compliance location IP range, it will be marked as noncompliant, immediately. Therefore the answer is Yes, No, Yes.
upvoted 10 times
...
...
Alexbz
Highly Voted 4 years, 1 month ago
Supplied answers are correct. D1: compliant because of “ mark devices with no compliance policy assigned as compliant “ D2: Not compliant because of the IP subnet D3 compliant OS is android and IP subnet is in Network 1 location
upvoted 24 times
tf444
3 years, 8 months ago
Mark devices with no compliance policy assigned as: Compliant!
upvoted 6 times
forExamCert2023
3 years, 3 months ago
True! First come this: "Mark device NONCOMPLIANT: Immediately" Then comes this: "Mark devices with NO COMPLIANCE policy assigned as: CompliANT" So step two turns the "NONCOMPLIANT" to CompliANT. Sometimes overthinking makes things complicated while the answer is right in front of us.
upvoted 2 times
forExamCert2023
3 years, 3 months ago
Answer is Yes, Yes, Yes.
upvoted 2 times
Shalen
2 years, 4 months ago
@forExamCert2023 , shouldnt the most restrictive apply ?
upvoted 1 times
...
...
...
Graz
2 years, 6 months ago
It has a compliance policy, its just marked as non compliant based on the requirements. That statement would apply to hypothetical devices not in group 1.
upvoted 1 times
...
...
Angarali
3 years, 3 months ago
"In Intune, you create a device compliance policy for the Android platform." "Mark devices with no compliance policy assigned as: Compliant"
upvoted 2 times
...
...
Amir1909
Most Recent 1 year, 5 months ago
Yes No Yes
upvoted 1 times
...
dawnbringer69
2 years, 2 months ago
Answers Are YNY.
upvoted 1 times
dawnbringer69
2 years, 2 months ago
As far as answers are conserned: 1. Yes. The policy doesnt apply to a Windows Device And No compliance Setting Applies = Compliant. 2. No. According to the link Below: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#create-the-policy When Creating a Policy, there is a paragraph on Section 7 Stating: "Another example includes the use of Locations where you add at least one location to a compliance policy. In this case, the default action for noncompliance applies when you select at least one location. If the device isn't connected to any of the selected locations, it's considered not compliant. You can configure the schedule to give your users a grace period, such as one day." 3. Yes. Policy Applies and the Device is Compliant. Hence, YNY.
upvoted 1 times
...
...
AliNadheer
2 years, 4 months ago
based on this policy setting : Mark devices with no compliance policy assigned as: Compliant device 2 should be considered as compliant for 20 days only, then will be marked as non compliant. i would say Yes for all.
upvoted 1 times
...
raduM
2 years, 9 months ago
ok how exactly do you set the compliance location and haow exactly to you put the network in the compliance policy? i am really trying to test this... with this information i would go with yes yes yes as i have no idea if one of the devices is rooted or not
upvoted 1 times
DashP
2 years, 7 months ago
What I understood by carefully reading, Question says that they are "unrooted" devices. Network location and being an android are the scope of the policy but what policy exactly check to block devices is whether they are unrooted or not.
upvoted 1 times
...
...
Russ_A7x
2 years, 11 months ago
YNY Device 2 is a part of group one so the compliance policy is applied and gets marked NC. If device 2 was not in group1 it would get marked as compliant.
upvoted 3 times
...
saminsweden
2 years, 11 months ago
It is not possible to create location based compliance policies for android today. This location based access control is now in AAD.
upvoted 2 times
...
Whatsamattr81
3 years ago
Surely Y N Y... You deploy policies by group, not IP or a particular subnet. Just because the first android is not in Network one does not mean it wont get the policy - its in Group 1. All it means is that its in an untrusted subnet, which depending on how you handle it, will see it as non-compliant.
upvoted 3 times
...
WinryKate
3 years ago
I am so confused. What answer is correct, the given is different than the discussions which vary...
upvoted 1 times
silver_bullet666
3 years ago
I believe the answer is Y Y Y. My reasoning on the contentious second android device outside the network defined in the policy Policy 1 defines a scope of Android OS and Network 1 The device that is not in Network 1 but is Android is marked as Compliant as no policy is assigned to the device, as per "Intune device compliance policy" settings, Mark devices with no compliance policy assigned as: Compliant
upvoted 1 times
silver_bullet666
2 years, 11 months ago
New answer is YNY " If the device isn't connected to any of the selected locations, it's considered not compliant" REF: https://docs.microsoft.com/en-us/mem/intune/protect/create-compliance-policy
upvoted 3 times
...
...
...
Bouncy
3 years, 2 months ago
YNY D1 and D3 are obvious, D2 seems to be an issue here. But the policy is still being applied despite the device having a different subnet. While creating a location-based policy it clearly reads "A device is considered noncompliant when none of the locations specified below are met". It's not a filter to "apply a policy only if device is in location XYZ"
upvoted 3 times
MR_Eliot
3 years, 2 months ago
I agree with this.
upvoted 1 times
...
...
moobdoob
3 years, 5 months ago
Answer is correct: YES, NO ,YES
upvoted 3 times
...
b3arb0yb1m
3 years, 7 months ago
From what I see, D1 and D3 are unrooted and therefore pass Policy1. D2 doesn't fall within the Policy1 scope because of the subnet and therefore, it is marked as compliant. Y, Y, Y. Am I missing something?
upvoted 2 times
Anon1212
3 years, 3 months ago
This is Correct
upvoted 1 times
...
...
Perycles
4 years ago
YES : windows 10 not affected by "network location " (only for android) so device has no policy and then marked a s compliance. (windows 10 device) NO : IP adress of this device is not inside the requiered ip range location. (android device ) YES : IP adress of this device is inside the requiered ip range location. (android device)
upvoted 13 times
RodrigoT
3 years, 2 months ago
Perfect answer.
upvoted 2 times
...
SamuelNascimento
2 years ago
Thanks, help me a lot to understand the question
upvoted 1 times
...
...
Tomtom11
4 years, 1 month ago
Configure network locations - Supported by Android devices, you can configure network locations and then use those locations as a device compliance rule. This type of rule can flag a device as noncompliant when it’s outside of or leaves a specified network. Before you can specify a Location rule, you must configure the network locations.
upvoted 4 times
...
Tomtom11
4 years, 1 month ago
Configure network locations - Supported by Android devices, you can configure network locations and then use those locations as a device compliance rule. This type of rule can flag a device as noncompliant when it’s outside of or leaves a specified network. Before you can specify a Location rule, you must configure the network locations.
upvoted 3 times
...
GohanF2
4 years, 1 month ago
this is a tricky question. but , i will mark all the devices as compiant due that in the question says that i add "unrooted" devices to the cloud .... So, all the 3 devices are unrooted "specially the android devices" ... the policy for the android device doesnt have any effect due that it will apply only to "rooted" devices that are in network 1. so, the device that belongs to this network 1 is unrooted so this policy hasnt have any effect so... it will be marked as compliance. its important to re-read the question many times
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel