You have a Microsoft 365 tenant that contains the groups shown in the following table. You plan to create a new Windows 10 Security Baseline profile. To which groups can you assign to the profile?
Mail-enabled security groups function the same as regular security groups, except that they cannot be dynamically managed through Azure Active Directory and cannot contain devices.
They include the ability to send mail to all the members of the group.
Mail-enabled security groups can be added to a team.
https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#mail-enabled-security-groups
The crux of the question is "You plan to create a new Windows 10 Security Baseline profile."
The question is implying that you're creating a *DEVICE* Baseline profile, in which case only a security group will work because mail-enabled security groups cannot contain devices. QED: A.
A very tricky question from Microsoft here - the link below specifies that you can apply the baseline to groups of both users and devices.
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
Therefore, this makes the answer C - group 2 and 3.
C:
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
"You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11."
The email enabled security group can be used.
I agree that it's A. It's a tricky one. Read the post that OneplusOne cites and you'll find this:
"Mail-enabled security groups function the same as regular security groups, except that they cannot be dynamically managed through Azure Active Directory and cannot contain devices."
Correct.
"You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11."
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
A:
"Mail-enabled security groups function the same as regular security groups, except that they cannot be dynamically managed through Azure Active Directory and cannot contain devices."
https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide
I agree that it's A. It's a tricky one. Read the post that OneplusOne cites and you'll find this:
"Mail-enabled security groups function the same as regular security groups, except that they cannot be dynamically managed through Azure Active Directory and cannot contain devices."
This is one of those questions where both security group types can be used but what is not clear is which is "best practice" in Microsoft's eyes and thus hard to know what the correct answer should be.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.MS-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
goape
Highly Voted 3 years, 4 months agous3r
Highly Voted 3 years, 4 months agovanr2000
Most Recent 2 years agojaycenornin
2 years agobac0n
2 years, 4 months agoTimLyrical
2 years, 7 months agoJamesM9
3 years, 1 month agoToschu
3 years, 1 month agoBluMoon
3 years, 2 months agoBulldozzer
3 years, 2 months agoToschu
3 years, 1 month agoubt
3 years, 3 months agohaazybanj
3 years, 3 months agoOneplusOne
3 years, 3 months agoBluMoon
3 years, 2 months agoVirtualJP
3 years, 4 months ago