Exam MD-101 topic 2 question 26 discussion

I think the answer is YES, NO, YES Computer1 = Group1 + GPO NOT configured = update ring is applied = 2 days = YES Computer2 = Group2 + GPO IS configured = update ring NOT applied = 5 days = NO Computer3 = Group3 + GPO disabled = update ring is applied = 14 days = YES As i understand it GPO takes precedence over update rings.

after 2 hours Tests, my final answer is YES, NO , YES. easy for computer 1 and 3. For computer 2, intune settings for updates rights are never applied if GPO is active. TAGS have no impact here ( used only to easy admin jobs).

YES, NO, YES Local Policy win over MDM and disabled setting act like "not configured"

If it has been a year and a half and the mods haven't corrected it, the given answer is probably correct although I would have went with yes no yes

GPO wins over MDM so i would say yes no no

Feel like it should specify Local GPO, as that is misleading.

Computer1 - NO. Not in "Scope (Tags)" Computer2 - NO. MDM over GPO takes precedence over "Policy CSP - ControlPolicyConflict" for setting to 1, default is 0. As Wilf32 mentioned. Computer3 - NO. This computer does not have a Tag2.

No, Yes, No The above is the correct answer. https://docs.microsoft.com/en-us/mem/intune/fundamentals/scope-tags

Answer should be corrected. It is YES-NO-YES. For reasons very well explained by other users.

Do people read these questions? Global Group Policy doesn't apply here. The devices are in a workgroup but managed by Intune, it says at the top: The computers are in a workgroup and are enrolled in Intune. I'm still confused by the given answers however. Intune policies should override local GPO unless I'm missing something.

I agree with YES, NO, YES: Tags are disregarded & GPO Wins over MDM: Computer 1 - No GPO configured (Bypass) > Update ring applies to Group 1 (2 Days): YES Computer 2 - GPO Enabled (Ignore MDM) > Deferral period of 5 days applies: NO Computer 3 - CONFIGURATION GPO disabled > Unknown state of other GPO's, the assumption is that updates are enabled (Bypass GPO) > Update ring applies to Group 3 (14 Days): YES

Yes No Yes

Answer is correct. GPO in a workgroup? Only intune is the solution and the scope tag ist important.

The Question does not say who wins in case of conflict. Default action is GPO always wins unless specified otherwise. "In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM." GPO’s as follows: Computer 1 - No GPO configured - (MDM will apply because there is no conflict) = YES Computer 2 - GPO Enabled - (MDM will not apply because there is a conflict) = NO Computer 3 - GPO Disable - (MDM will apply because there is no conflict) = YES

The answer provided is correct NO, YES, NO Computer1 is in Group1. The Intune policy Ring1 applies to Group1 if the device has Tag1, which Computer1 doesn't, so this policy doesn't apply, neither the other policies because they are set to other groups which Computer1 isn't member of. So here the local GPO wins which is set to Not Configured. So the answer is NO Computer2 is in Group2. The Intune policy Ring2 applies to Group2 if the device has Tag2, which Computer2 does have, so this policy applies. No other policy is applied. Computer2 has a local GPO to set the deferral, but this will get override by the Intune CSP which says 7 days. So the answer is YES Computer3 is in Group3. The Intune policy Ring3 applies to Group3 if the device has Tag2, but Computer3 has Tag3 so this policy doesn't apply neither does other policies. Computer3 has a local GPO which disables the configuration of deferrals, which reverts to default, i.e, none. So the answer is NO

Computer1 = Group1 + GPO NOT configured = update ring is applied = 2 days = so since local GPO is not configured the intune policies should take affect and in that case it is -> YES Computer2 = Group2 + GPO IS configured hence GPO will win because "MDMWinsOverGP" is not mentioned and it is off by default = 5 days -> NO Computer3 = Group3 + GPO disabled = update ring is applied = 14 days = YES

Computer1 = Group1 + GPO NOT configured = update ring is applied = 2 days = so since local GPO is not configured the intune policies should take affect and in that case it is -> YES Computer2 = Group2 + GPO IS configured hence GPO will win because "MDMWinsOverGP" is not mentioned and it is off by default = 5 days -> NO Computer3 = Group3 + GPO disabled = update ring is applied = 14 days = YES I think it should be Yes -> NO -> Yes