HOTSPOT – You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table. Your company uses Microsoft Intune. Several devices are enrolled in Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. You create a conditional access policy that has the following settings: ✑ The Assignments settings are configured as follows: 1. Users and…

QuestionsCategory: MS-101HOTSPOT – You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table. Your company uses Microsoft Intune. Several devices are enrolled in Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. You create a conditional access policy that has the following settings: ✑ The Assignments settings are configured as follows: 1. Users and…
Admin Staff asked 4 months ago
HOTSPOT -
You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table.
 Image
Your company uses Microsoft Intune.
Several devices are enrolled in Intune as shown in the following table.
 Image
The device compliance policies in Intune are configured as shown in the following table.
 Image
You create a conditional access policy that has the following settings:
✑ The Assignments settings are configured as follows:
1. Users and groups: Group1
2. Cloud apps: Microsoft Office 365 Exchange Online
3. Conditions: Include All device state, exclude Device marked as compliant
✑ Access controls is set to Block access.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image
















 

Suggested Answer: 
    Correct Answer Image

Box 1: Yes.
User1 is in Group1. The Conditional Access Policy applies to Group1. The Conditional Access Policy blocks access unless the device is marked as compliant.
BitLocker is disabled for Device1. Device1 is in Group3 which is assigned device Policy1. The BitLocker policy in Policy1 is not configured so BitLocker is not required.
Therefore, Device1 is compliant so User1 can access Exchange online from Device1.
Box 2: No.
User1 is in Group1. The Conditional Access Policy applies to Group1. The Conditional Access Policy blocks access unless the device is marked as compliant.
BitLocker is disabled for Device2. Device2 is in Group4 which is assigned device Policy2. The BitLocker policy in Policy2 is Required so BitLocker is required.
Therefore, Device2 is not compliant so User1 cannot access Exchange online from Device2.
Box3: Yes.
User2 is in Group2. The Conditional Access Policy applies to Group1. The Conditional Access Policy does not apply to Group2. So even though Device2 is non- compliant, User2 can access Exchange Online using Device2 because there is no Conditional Access Policy preventing him/her from doing so.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions

This question is in MS-101 Exam
For getting Microsoft 365 Administrator Expert Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.