Exam MD-101 topic 2 question 9 discussion

D should be correct. https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

I think B is correct To join the domain to AAD you would use AAD Connect Then you would use a GPO to enroll in Intune But we want to do both at the same time, Autopilot is supposed to do that

In Avanset with a .VCE file the correct answer is D: a Windows Autopilot deployment profile.. In ExamPrepper the correct answer is B: a Group Policy Object (GPO).. I'm confused now, what is the correct answer in the exam?

D is correct

A. An Autodiscover address record. Not relevant, nowhere mentioned in auto-pilot requirements B. A Windows AutoPilot deployment profile. How you deploy the profile if the device is NOT ENROLLED in Intune yet? C. An Autodiscover service connection point (SCP). Yes! this step is required for case, whenever no AD D. A Group Policy object (GPO). For Hybrid joined device, when enrollment is not done yet, easiest option is GPO since it's managed by AD https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy

I think D. Crux of this question is with least administrative effort. It mentions devices are joined to Active Directory, so you can use a GPO in this case. If they were Azure AD joined, GPO obviously wouldn't be an option, but since they are you can use a GPO to enroll into MDM automatically

The question mentions that: A hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune are already implemented >> This means devices are already registered in the Azure AD Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically Azure AD–registered The second request is to enroll the computers in Intune >> there are two ways (B and D) The third request is to minimize administrative effort >> Answer D is has the less administrative effort

B People need to keep in mind you don't need to touch these 2000 machines individually, your provider can just give you a csv. file with all of the information needed to upload right into the cloud.

D, GPOs allow to enroll your Hybrid devices in AAD and Intune easily and with minimal effort

B, Option A: An Autodiscover address record, is not relevant in this scenario. Autodiscover is a feature in Microsoft Exchange that allows clients to automatically discover and configure their Exchange server connection settings. It is not related to registering and enrolling devices in Azure AD and Intune. Option C: An Autodiscover service connection point (SCP), is also not relevant in this scenario. An SCP is an Active Directory object that allows clients to locate the Autodiscover service for their domain. It is not related to registering and enrolling devices in Azure AD and Intune. Option D: A Group Policy object (GPO), is also not relevant in this scenario. Group Policy is a feature in Windows that allows you to configure and manage settings and policies for computers and users in a domain. While Group Policy can be used to configure various settings on devices, it is not specifically designed for registering and enrolling devices in Azure AD and Intune. Therefore, the solution that minimizes administrative effort in this scenario is to use a Windows AutoPilot deployment profile.

There's the practical real life way to tackle these scenarios and then there is the Microsoft way. With old questions with a ton of debate that the mods don't switch, that typically the answer Microsoft is looking for (even if it is ass backwards).

Guys, the answer is D. A - I don't even consider it It's said "You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune." So you have configured Azure AD Connect for Hybrid mode and SCP it's automatically created on Active Directory. So C it's out. B - If completely resetting 2000 machines is considered a minimum effort I challenge anyone to propose it to a customer. Also, Windows Autopilot only works the first time you start your PC. Only D remains, which is in any case the only viable and correct solution

the key words is " hybrid Microsoft Azure Active Directory " which mean it has AD and AAD, therefore, auto-enroll AD PCs to Intune would be D use GPO, which I have done in my last job

Lots of opinions here, but after doing some research I found this link, which as I understand it, points to B as the solution: https://docs.microsoft.com/en-us/mem/intune/configuration/domain-join-configure?source=recommendations

B shopuld be correct

In the official MCA MD101 practice tests from Wiley, the answer to this question is B - Windows Autopilot. I tend to agree with it, because it's not stated whether the existing devices are already even hybrid-joined, only that they want to. So yes, I'd say it's B.

C. You need to configure SCP records. You can do this by using Azure Connect tool.