Practice Free MD-102 Exam Online Questions

Explanation:

Box 1: Intune Service Administrator

The members of Group1 must manage Intune roles and assignments.

Role-based access control (RBAC) helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization.

To create, edit, or assign roles, your account must have one of the following permissions in Azure AD:

Global Administrator

Intune Service Administrator (also known as Intune Administrator)

Box 2: Help desk operator

The members of Group2 must assign existing apps and policies to users and devices.

Microsoft Intune built-in roles

Built-in roles use pre-defined rules based on common Intune scenarios. Alternatively, custom roles are built upon rules that are strictly defined by you.

Here are the built-in roles that you can assign:

* Help desk operator

Assign the help desk operator role to users who assign apps and policies to users and devices.

Incorrect:

* Policy and profile manager

Assign the policy and profile manager role to users manage compliance policy, configuration profiles and Apple enrollment.

* Etc.

Reference:

https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac

Explanation:

Box 1: User Administrator

User admin

Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage support requests to Microsoft support.

Box 2: Helpdesk Administrator

Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage support requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader.

Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/admin-roles-page

Explanation:

Box 1: User Administrator

User admin

Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage support requests to Microsoft support.

Box 2: Helpdesk Administrator

Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage support requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader.

Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/admin-roles-page

Explanation:

Box 1: User Administrator

User admin

Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage support requests to Microsoft support.

Box 2: Helpdesk Administrator

Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage support requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader.

Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/admin-roles-page

Explanation:

Box 1: An Intune connection

Enforces compliance for Defender for Endpoint by using Conditional Access

Configure Conditional Access in Microsoft Defender for Endpoint Take the following steps to enable Conditional Access:

Step 1: Turn on the Microsoft Intune connection from Microsoft 365 Defender

Step 2: Turn on the Defender for Endpoint integration in Intune

Step 3: Create the compliance policy in Intune

Step 4: Assign the policy

Step 5: Create an Azure AD Conditional Access policy

Box 2: An Attack surface reduction (ASR) policy rule

Prevents suspicious scripts from running on devices

Attack surface reduction policy for endpoint security in Intune

When Defender antivirus is in use on your Windows 10/11 devices, you can use Intune endpoint security policies for Attack surface reduction to manage those settings for your devices.

Attack surface reduction policies help reduce your attack surfaces, by minimizing the places where your organization is vulnerable to cyberthreats and attacks.

In particular:

Attack Surface Reduction Rules C Configure settings for attack surface reduction rules that target behaviors that malware and malicious apps typically use to infect computers, including:

Executable files and scripts used in Office apps or web mail that attempt to download or run files Obfuscated or otherwise suspicious scripts

Behaviors that apps don’t usually start during normal day-to-day work Reducing your attack surface means offering attackers fewer ways to perform attacks.

Reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access

https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy