Exam MS-203 topic 1 question 59 discussion

It has to be YNN Yes, since User1/Device1 is compliant No, since User2/Device 2 isn't part of the Compliance Policy No, since User3/Device 3 CANNOT download, cause the policy is "read only"

Yes No Yes

Y N N The default policy was applied and is set to ReadOnly. Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ConditionalAccessPolicy ReadOnly

"ConditionalAccessPolicy ReadOnly" in the owa policy specifies what action can be done by users in a non-managed device 1. Yes- The device1 is unmanaged, hence user1 can only view attachments 2. No- The condition access policy is not applicable to user2, therefore he has no restrictions 3. Yes- Since the device is managed, user3 has no restrictions in device 3 https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-worldwide#limit-access-to-exchange-online-from-outlook-on-the-web&preserve-view=true

-ConditionalAccessPolicy This parameter is available only in the cloud-based service. The ConditionalAccessPolicy parameter specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal. Note: When you enable a Conditional Access policy, users will no longer be able to access the light version of Outlook on the web. An error message will direct them to use the default premium experience. Valid values are: Off: No conditional access policy is applied to Outlook on the web. This is the default value. ReadOnly: Users can't download attachments to their local computer, and can't enable Offline Mode on non-compliant computers. They can still view attachments in the browser. ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can't view attachments in the browser. Source: https://learn.microsoft.com/en-us/powershell/module/exchange/set-owamailboxpolicy?view=exchange-ps

My guess: Y - device cannot be compliant as it is not enrolled in Intune (a requirement for evaluation of compliance) N - user is not affected by the CA policy Y - device enrolled in intune (assuming complaint) - CA policy should not affect this user/device

ON exam - 4/18/2022 All 3 case studies were also on exam

Sorry it is yes No Yes Finance will be affected only The policy only applies to users in the azure policy regardless of device state

Only finance users will be affected by policy so yes yes no

Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ConditionalAccessPolicy ReadOnly needs a Conditional access policy to work properly, CAP's member can't download attachments to their local computer. yet other users can. so it should be Yes, Yes, No https://profadmins.com/2021/10/09/restrict-downloading-attachments-from-owa/

Yes - User 1 only views the attachment (Read Only policy allows to view attachments on private computers). Yes - User 2 is not part of the Conditional Access Policy and the Device 2 is complaint. Yes - User 3 is part of the Finance group and the Conditional Access policy applies. The Device 3 is compliant. "These policies will restrict the ability for users to download attachments from email to a local machine when the devices are not compliant" https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069

on exam 11-27-21

I believe is Yes, No, Yes

On the test Nov 3,2021

can anyone explain the answers?