ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-101 All Questions

View all questions & answers for the MS-101 exam
Go to Exam

Exam MS-101 topic 2 question 68 discussion

Actual exam question from Microsoft's MS-101
Question #: 68
Topic #: 2
[All MS-101 Questions]

DRAG DROP -
Your company has a Microsoft 365 E5 tenant.
Users access resources in the tenant by using both personal and company-owned Android devices. Company policies requires that the devices have a threat level of medium or lower to access Microsoft Exchange Online mailboxes.
You need to recommend a solution to identify the threat level of the devices and to control access of the devices to the resources.
What should you include in the solution for each device type? To answer, drag the appropriate components to the correct devices. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
by F_M at Aug. 25, 2021, 1:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
L33D
Highly Voted 2 years, 11 months ago
Still valid, on exam Jun 25, 2022
upvoted 11 times
...
Contactfornitish
Highly Voted 2 years, 10 months ago
On exam on 13 aug'22
upvoted 6 times
...
Mujja
Most Recent 2 years ago
App Protection for both? Nothing says the company device is enrolled. Device needs to be enrolled for Compliance policies. Also, compliance policy will alone won't prevent access to resources which is one of the requirments.
upvoted 1 times
...
TechMinerUK
2 years, 7 months ago
I'm confused here as the question states: "Company policies requires that the devices have a threat level of medium or lower" This to me means that both personal and corporate devices would need the Microsoft Defender app installing and an acompanying compliance policy to confirm they are below the acceptable risk level. An AppProtection policy could be used if the business is only bothered about managing security controls (We do this regularly) and it makes more sense to do this however it would not meet the questions goal of confirming the devices threat level as AppProtection is MAM only and not managing the threat level of the device, only monitoring the security configuration such as PIN, biometric, OS version and rooted/jailbreak state
upvoted 1 times
TechMinerUK
2 years, 7 months ago
Wait, disregard my comment, the question is right as there was functionality I didn't realise was present. Based on: https://learn.microsoft.com/en-us/mem/intune/protect/mtd-app-protection-policy There is an additonal option in AppProtection policies under the "Device Conditions" area called "Max allowed device theat level" Now the bit which is cheeky, this requires a MTD such as Microsoft Defender still to be installed on the device however it would mean the device doesn't have to be enrolled which is the preferred state even though there are BYOD profiles for Android and you can have personal iOS devices enrolled into Intune. Bit tricky but knowing that the functionality is there it makes sense for the answer to be correct now
upvoted 3 times
...
...
TimurKazan
3 years, 5 months ago
app protection and compliance policies for both
upvoted 2 times
[Removed]
3 years, 5 months ago
Could you please elaborate why? I think they prefer not to enroll the BYOD. In the App Protection Policy on step „Conditional Launch“ you can set „max allowed device threat level“. Then the Info box for Mobile Threat Defense pops up: https://docs.microsoft.com/en-us/mem/intune/protect/mtd-add-apps-unenrolled-devices Im still with: 1: compliance policy 2 app protection policy :/
upvoted 6 times
KornienkoBoris
3 years, 4 months ago
for iOS, where is the type of the device defined
upvoted 1 times
KornienkoBoris
3 years, 4 months ago
nevermind, for Android also
upvoted 1 times
...
...
...
...
jkklim
3 years, 6 months ago
answer is correct
upvoted 3 times
...
jfuem
3 years, 9 months ago
Why not Compliance and App-Protection policy for both ?
upvoted 1 times
helpdeskinfra
3 years, 7 months ago
I think that BYOD will not be enroled in Intune so you have to configure MAM App protection policy. Then, the CA policy will not permit access to EXO unless you use Outlook.
upvoted 5 times
...
...
F_M
3 years, 9 months ago
I would say both compliance policy. BYOD enrollment is supported in Intune and defines every device, both corporate owned and private, as compliant or not. I'm saying this because an app protection policy can protect some apps but not every possible different way to access an exchange online mailbox. If the organization uses Outlook App what about browser? And how many different browser are there for Android? You can't include each one in an app protection policy...
upvoted 2 times
F_M
3 years, 9 months ago
Forget this, you can set an app protection policy and create a conditional access policy to enforce the access only from app protected by a policy. https://docs.microsoft.com/en-us/mem/intune/protect/tutorial-protect-email-on-unmanaged-devices
upvoted 5 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel