ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-140 All Questions

View all questions & answers for the AZ-140 exam
Go to Exam

Exam AZ-140 topic 4 question 18 discussion

Actual exam question from Microsoft's AZ-140
Question #: 18
Topic #: 4
[All AZ-140 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have the following:
✑ A Microsoft 365 E5 tenant
✑ An on-premises Active Directory domain
✑ A hybrid Azure Active Directory (Azure AD) tenant
✑ An Azure Active Directory Domain Services (Azure AD DS) managed domain
✑ An Azure Virtual Desktop deployment
The Azure Virtual Desktop deployment contains personal desktops that are hybrid joined to the on-premises domain and enrolled in Microsoft Intune.
You need to configure the security settings for the Microsoft Edge browsers on the personal desktops.
Solution: You create and configure a Group Policy Object (GPO) in the on-premises domain.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Flacky_Penguin32 at Nov. 4, 2021, 2:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Flacky_Penguin32
Highly Voted 3 years, 7 months ago
So, I'm saying Yes, cause this could be configured as a GPO for Edge via ADMX and ADML templates injected into your domain controllers and alternatively this could also be accomplish via Intune. Both are valid options.
upvoted 23 times
...
stormtraining
Most Recent 2 months ago
Selected Answer: B
Definitely NO. If it is personal computers, that means they take it home, that means using Intune policies are the best choice, since there LAN network in their home are not Domain Joined...
upvoted 1 times
...
GBAU
10 months, 1 week ago
Selected Answer: A
"Personal desktops that are hybrid joined to the on-premises domain and enrolled in Microsoft Intune" Therefore they will apply both on-premises domain GPOs and InTune policies. So you can apply either via GPO or InTune, both can work. The question is not what is the best way, just if it meets the goal.
upvoted 3 times
...
sotec
1 year, 2 months ago
GPO is correct but need enroll device with a GPO lol https://learn.microsoft.com/en-us/answers/questions/1340915/is-it-possible-to-manage-gpo-and-intune-policy-con
upvoted 1 times
...
RDIO
1 year, 8 months ago
Selected Answer: A
If the desktops are "hybrid" joined to the on-prem domain as it says, the GPO solution will work.
upvoted 1 times
...
[Removed]
1 year, 10 months ago
Selected Answer: A
The given answer appears correct. The Azure Virtual Desktop deployment contains personal desktops that are "HYBRID joined" to the "ON-PREMises domain" AND enrolled in Microsoft Intune. Keys here: HYBRID joined - Means both AD and Azure AD. On-Premises - NOT Azure AD DS (ignore Azure AD DS it's just being used to throw you off) AND Enrolled in Intune So being that they are joined to the on-prem AD they will get group policy application meaning any settings applied by GPO to the computer objects/logged on user will apply in the AVD. Policies applied by Intune will also work Policies applied to the Azure AD DS instance will not apply to the AVD as the hosts are not joined to the Azure AD DS.
upvoted 1 times
...
Leocan
2 years ago
Selected Answer: A
personal desktops that are hybrid joined to the on-premises domain and enrolled in Microsoft Intune.
upvoted 1 times
...
randomstranger
2 years ago
Selected Answer: B
No, use configuration profile in intune.
upvoted 2 times
kam247
7 months, 2 weeks ago
Yu can use either one since it is Hybrid Joined. Either GPO in AD on-prem or Config profile intune as long as devices are in intune.
upvoted 2 times
...
...
tecnicosoffshoretech
2 years, 3 months ago
B. No. The solution described only addresses the on-premises domain, but the personal desktops are hybrid joined to the on-premises domain and enrolled in Microsoft Intune. Therefore, to configure the security settings for Microsoft Edge on these desktops, you should create and configure an Intune device configuration profile for Microsoft Edge, which will apply the settings to the personal desktops in the Azure Virtual Desktop deployment.
upvoted 1 times
...
zre
2 years, 3 months ago
Selected Answer: B
No, this solution does not fully meet the goal. The solution of creating and configuring a Group Policy Object (GPO) in the on-premises domain would apply the security settings to the Microsoft Edge browser on the personal desktops joined to the on-premises domain. However, it would not apply the settings to the personal desktops that are enrolled in Microsoft Intune and joined to the Azure AD domain. Therefore, the proposed solution of creating and configuring a GPO in the on-premises domain does not fully meet the goal of configuring the security settings for the Microsoft Edge browsers on all personal desktops in the Azure Virtual Desktop deployment.
upvoted 1 times
...
junior6995
2 years, 5 months ago
Tricky, I can configure security settings for Edge either from GPOs (SCCM) or via Configuration Profile (Intune), we must know if there are any settings of Device Co-Management enabled to answer this question.
upvoted 1 times
...
Sledgehammer
2 years, 6 months ago
100% Yes, hybrid joined to the on-premises domain. This means that the AVD is joined to the domain and also visbile / managed in Endpoint Manager. I have this kind of deployment for almost every customer. The catch is "Can" you manage this with GPO and that is 100% possible.
upvoted 3 times
...
PXAbstraction
2 years, 6 months ago
Either are technically valid scenarios, but I am selecting A. GPOs override Intune.
upvoted 1 times
...
Magis
2 years, 7 months ago
Selected Answer: B
No. On-premises domain GPO doesn't cover Intune joined hybrid devices. So those devices can be even non domain joined devices and so on. So you can acheive this only by using Intune config profile.
upvoted 2 times
tecnicosoffshoretech
2 years, 6 months ago
hybrid ad devices are devices that are AD joined and AAD joined therefore both GPOs from on-premises domain and intune policies can be applied.
upvoted 5 times
...
pcc_rj
2 years, 5 months ago
You're wrong Magis, of course GPO's can be applied to Hybrid AD joined devices. Don't mislead people.
upvoted 8 times
...
...
afbnfz
2 years, 9 months ago
Selected Answer: B
Pretty sure this is No. Because these are hybrid-joined Azure desktops. And the proposed solution here is to modify the GPO on-prem. "In a hybrid environment, group policies configured in an on-premises AD DS environment aren't synchronized to Azure AD DS. To define configuration settings for users or computers in Azure AD DS, edit one of the default GPOs or create a custom GPO." - https://learn.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy Microsoft says the GPO you configure on-prem is not going to sync to Azure AD DS. So, no this does not meet the goal.
upvoted 1 times
...
AnonymousJhb
3 years ago
sim questions are 4.18, 4.19, 4.20, 4.27
upvoted 1 times
...
wadeZhu
3 years, 1 month ago
Selected Answer: A
A is correct. "You create and configure a Group Policy Object (GPO) in the on-premises domain." For on-premises domain, of course you can configur GPO via ADMX
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel