You manage one hundred Microsoft Azure Active Directory (Azure AD) joined Windows 10 devices. You want to make sure that users are unable to join their home PC's to Azure AD. Which of the following actions should you take?
A.
You should configure the Enrollment restriction settings via the Device enrollment blade in the Intune admin center.
B.
You should configure the Enrollment restriction settings via the Security & Compliance admin center.
C.
You should configure the Enrollment restriction settings via the Azure Active Directory admin center.
D.
You should configure the Enrollment restriction settings via the Windows Defender Security Center.
Its A; Open Intune / Endpoint admin center > Devices > Enrollment Device Platform Restriction > All Users > Here you can block personally owned devices, such as a home PC. Answer A
C, This is correct...
Azure AD join needs users input your credentials of Azure AD Account. If you want to limit Azure AD join devices, you can limit users who can join their devices to AzureAD:
Go to Azure Portal > Azure Acitve Directory > Devices > Add memebers who can join devices to Azure AD.
https://serverfault.com/questions/893881/how-to-restrict-device-join-in-azure-ad
C is not correct since there is no "block Home PC" option available in Azure.
Thats only in the Intune/Endpoint Manager admin center i described in my first comment.
I stand with answer A
Re Read the question, there is no Intune enrollment requirement. It's all about AD Join (Identity), where it's managed in Azure AD and you are able to block if the users are able to register any computer with their corporative accounts or not.
Youre right aswell, but the question states
"You want to make sure that users are unable to join their home PC's to Azure AD."
But if you disable the choosen option, nobody can join AzureAD anymore, even with a company computer, so thats why i choosed A
Azure Active Directory (Azure AD) provides a central place to manage device identities and monitor related event information.
https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
C,
Option A: configuring the Enrollment restriction settings via the Device enrollment blade in the Intune admin center, is not the correct answer.
The Intune admin center is a tool used to manage devices and their associated policies, such as device compliance and app deployment. While the Intune admin center does have a Device enrollment blade, this blade is used to manage the enrollment of devices into Intune, not Azure AD.
To make sure that users are unable to join their home PCs to Azure AD, you should configure the enrollment restriction setting in the Azure Active Directory admin center. This is the central location for managing Azure AD and its related services, including the enrollment of devices into Azure AD. The Device enrollment blade in the Intune admin center is not relevant to this task.
This section is not available anymore. Please use the main Exam Page.MD-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BRoald
Highly Voted 2 years, 9 months agodaye
2 years, 9 months agocbjorn8931
2 years, 8 months agoTonySuccess
2 years, 9 months agoBRoald
2 years, 9 months agodaye
2 years, 8 months agoBRoald
2 years, 6 months agoAngelusNL
Highly Voted 2 years, 8 months agoNoursBear
Most Recent 1 year, 6 months agoKock
2 years ago[Removed]
2 years, 2 months agogolijat
2 years, 2 months agoMeebler
2 years, 6 months agoZarkata
2 years, 9 months agoRickyBee
2 years, 9 months ago