Exam MS-101 topic 2 question 98 discussion

Actual exam question from Microsoft's MS-101
Question #: 98
Topic #: 2

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.
What should you do first?

  • A. From the Microsoft 365 admin center, create a mail-enabled security group.
  • B. From the Microsoft 365 Defender portal, create a device group.
  • C. From the Microsoft Endpoint Manager admin center, create a device category.
  • D. From the Azure Active Directory admin center, create a dynamic device group.
Suggested Answer: B

Comments

agnesmandriva
2 years, 2 months ago
Selected Answer: D
"The solution must minimize administrative effort" so D I think.
upvoted 3 times
...
RiTh73
2 years, 2 months ago
Selected Answer: D
D is Correct. Create a dynamic group to query all those devices with Windows 10 first.
upvoted 2 times
...
Meebler
2 years, 2 months ago
B is a more specific solution for this particular use case. The Microsoft 365 Defender portal is specifically designed for threat protection, and creating a device group in this portal allows you to better focus on security and threat management. On the other hand, creating a dynamic device group in the Azure Active Directory admin center is a more general solution that could be used for a wider range of scenarios. B is also easier to use for this specific scenario. Creating a device group in the Microsoft 365 Defender portal is a simple and straightforward process, and you can quickly filter devices based on specific criteria such as operating system version, device type, etc. This can help you create a more targeted device group that meets your needs. Overall, while D is also a valid choice for creating a device group, B is a better option for this specific scenario because it is a more specific and easier-to-use solution that is designed specifically for threat protection.
upvoted 2 times
...
Y2
2 years, 3 months ago
Selected Answer: D
The solution must minimize administrative effort!!
upvoted 1 times
...
bac0n
2 years, 5 months ago
Selected Answer: B
I know the dynamic device group sounds like the best answer, but this is asking about Defender for Endpoint, and Device Groups are king. In Defender for Endpoint you can configure device groups to contain only PCs of a certain OS, i.e. Windows 10, like the question asks, and email notifications are configured directly in Defender for Endpoint; this is not asking about an alert policy. The answer is 100% B.
upvoted 4 times
Fala_Fel
2 years, 4 months ago
Agree Ans is B - device groups in 365 Defender by Win OS already have a setting there to select, and you would create the email notification rule in 365 Defender as well. So B minimises admin effort.
upvoted 1 times
...
...
DaDaDave
2 years, 6 months ago
Selected Answer: D
D is correct since it will only need to be configured once, minimizing administrative effort. Dynamic groups can be generated from either Endpoint Manager or the Azure AD portal; pyramidhead further explains.
upvoted 2 times
...
Mayank71291
2 years, 7 months ago
Selected Answer: B
In the navigation pane, select Settings > Endpoints > Permissions > Device groups. Click Add device group. Enter the group name and automation settings and specify the matching rule that determines which devices belong to the group.
upvoted 3 times
...
pyramidhead
2 years, 7 months ago
Answer is D. Key is "The solution must minimize administrative effort". https://learn.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping "To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see Using attributes to create advanced rules in the Azure AD documentation. Create an advanced rule for your group using the deviceCategory attribute and the category name you created in Step 1 of this article. For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: device.deviceCategory -eq "HR"
upvoted 3 times
...
rolia
2 years, 7 months ago
Selected Answer: C
Endpoint.microsoft.com -> Groups -> Dynamic Device Group. Answer seems to be C.
upvoted 1 times
...
RenegadeOrange
2 years, 7 months ago
Selected Answer: B
Correct. You create a rule for alert notifications, and in that you select the device group, so you have to create the device group first. Settings > Endpoints > General > Email notifications: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-worldwide Settings > Endpoints > Permissions > Device groups: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldwide
upvoted 4 times
...
Gloomer
2 years, 7 months ago
Selected Answer: D
To minimize the effort required, a dynamic device group is the correct choice. The easiest way to target Windows 10.
upvoted 1 times
...
reastman66
2 years, 8 months ago
I guess it could be B, but when creating the incident notification it only asks for the basic information and then an email address. I think the correct answer is A.
upvoted 1 times
...
rjoihsoh
2 years, 10 months ago
Seems correct - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-worldwide
upvoted 1 times
...