ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 3 question 48 discussion

Actual exam question from Microsoft's MD-101
Question #: 48
Topic #: 3
[All MD-101 Questions]

HOTSPOT -
You have a Microsoft 365 tenant named contoso.com that contains a group named ContosoUsers. All the users in contoso.com are members of ContosoUsers.
You have two Windows 10 devices as shown in the following table.

Both Computer1 and Computer2 contain two apps named App1 and App2.
You configure an app protection policy named AppPolicy1 that has the following settings:
✑ Protected apps: App1
✑ Assignments: ContosoUsers
✑ Enrollment state: Without enrollment
✑ Windows Information Protection mode: Block
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe
by Davidchercm at July 15, 2021, 6:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Goofer
Highly Voted 3 years, 7 months ago
Protected app is App1 App protection policy Intune polices go above App protection policies N - Azure registered - App protection policy: Block Y - Azure Joined - Intune Policy Y - Azure registered - App1 can selectively wiped App Protection policies are available for: iOS/iPadOS, Android and Windows 10 and later
upvoted 13 times
RodrigoT
3 years, 2 months ago
Wrong. Both devices are ENROLLED in Intune. In this case it doesn't matter if one is registered and the other is joined. When the policy is Enrollment state: Without enrollment, then is more restrictive and will always protect the app by MAM. The correct answers are N N Y. Check the link: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy
upvoted 10 times
4D33L
1 year, 11 months ago
doesnt ✑ Enrollment state: Without enrollment mean it only applies to that state?
upvoted 1 times
...
...
...
pinklemonade
Highly Voted 3 years, 11 months ago
Should be No, Yes, Yes
upvoted 6 times
...
giobos
Most Recent 2 years, 1 month ago
deprecated
upvoted 1 times
...
raduM
2 years, 7 months ago
y because device is enrolled and ploicy does not apply y because device is enrolled and policy does not apply n because device is enrolled and policy does not apply so device is not protected by the app thus admin cannot selectively wipe the information just tested in my lab btw
upvoted 2 times
...
raduM
2 years, 9 months ago
with enrollment opr without enrollment means if it is enrolled in intune or not. So the app Protection policy will apply to both devices.
upvoted 3 times
...
raduM
2 years, 9 months ago
given answers are correct
upvoted 1 times
...
MR_Eliot
3 years, 2 months ago
Both devices are MDM managed so they're enrolled in MDM management. Therefore the enrolled devices policy will apply. So the correct answer should be: YES, YES, YES. https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies#target-app-protection-policies-based-on-device-management-state
upvoted 2 times
...
forummj
3 years, 4 months ago
The more I look at this I think Y, Y, Y, the question stipulates that the APP has been created "without enrollment" in mind. Both devices are enrolled in Intune, surely they wouldn't monitor App1 or App2?
upvoted 3 times
...
CARO54
3 years, 6 months ago
Can you explain ? I don't understand the answer ...
upvoted 1 times
...
b3arb0yb1m
3 years, 7 months ago
Block WIP looks for inappropriate data sharing practices and stops the user from completing the action. Blocked actions can include sharing info across non-corporate-protected apps, and sharing corporate data between other people and devices outside of your organization. Sounds like N,Y,Y to me.
upvoted 4 times
...
R0b671
3 years, 8 months ago
Answer appears correct. No - App Protection Policy only applies to Android and iOS devices. No - App Protection Policy only applies to Android and iOS devices. Yes - Once documents are protected with a WIP policy, the protected data can be selectively wiped by an Intune administrator (Global administrator or an Intune Service administrator). Source: https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe
upvoted 5 times
Garito
3 years, 4 months ago
MAM-WE supports Windows 10 along with Android and iOS: https://docs.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-mamwe
upvoted 1 times
ducklaorange
2 years, 4 months ago
It does, but it does not support application protection policies and recommends Purview (formerly known as WIP): https://learn.microsoft.com/en-us/mem/intune/apps/app-management
upvoted 1 times
...
...
b3arb0yb1m
3 years, 7 months ago
Windows Information Protection (WIP) policies can be deployed without requiring MDM users to enroll their Windows 10 device. This configuration allows companies to protect their corporate documents based on the WIP configuration, while allowing the user to maintain management of their own Windows devices. Once documents are protected with a WIP policy, the protected data can be selectively wiped by an Intune administrator (Global administrator or an Intune Service administrator). By selecting the user and device, and sending a wipe request, all data that was protected via the WIP policy will become unusable. From the Intune in the portal, select Client app > App selective wipe.
upvoted 3 times
...
...
BieLey
3 years, 8 months ago
This should be: Yes - App Protection Policy only applies to Android and iOS devices. Yes - App Protection Policy only applies to Android and iOS devices. No - You can't selectively wipe data only created by App1. You would wipe all company data on the device.
upvoted 3 times
cbjorn8931
2 years, 7 months ago
All devices are windows 10! Where are you getting Android devices…
upvoted 1 times
...
...
Rick11221
3 years, 8 months ago
Answer is correct.
upvoted 2 times
...
auton
3 years, 8 months ago
Both laptops are enrolled in to MDM and they are targeted by a app protection policy that is ment for MDM-WE. This is a all "No".
upvoted 1 times
...
daonga
3 years, 11 months ago
Can someone break this down? Does it not matter if device is registered/joined? It seems the policy will only apply to devices that are not enrolled (registered) but I'm sure I am missing something
upvoted 4 times
Angarali
3 years, 10 months ago
Computer 1 is a personal device
upvoted 1 times
daonga
3 years, 10 months ago
But it's still enrolled into Intune. Shouldn't this all be NO because the policy is set to apply to un-enrolled devices??
upvoted 2 times
...
...
...
Davidchercm
3 years, 11 months ago
https://docs.microsoft.com/en-us/mem/intune/apps/mam-faq
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel