Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft Intune subscription.
Contoso.com contains a user named [email protected].
You have a computer named Computer1 that runs Windows 8.1.
You need to perform an in-place upgrade of Computer1 to Windows 10.
Solution: From Windows 8.1, you run setup.exe from the Windows 10 installation media.
Does this meet the goal?

• A.Yes
• B.No

Comment: *

Name: *

Email: *

Verification: *

Your company plans to deploy tablets to 50 meeting rooms.
The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application
named App1.
You need to configure the tablets so that any user can use App1 without having to sign in. Users must be
prevented from using other applications on the tablets.
Which device configuration profile type should you use?

• A.Kiosk
• B.Endpoint protection
• C.Identity protection
• D.Device restrictions

Comment: *

Name: *

Email: *

Verification: *

You have 100 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to configure the following device restrictions:
* Block users from browsing to suspicious websites.
* Scan all scripts loaded into Microsoft Edge.
Which two settings should you configure in Device restrictions? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription.
You have a conditional access policy that requires multi-factor authentication (MFA) for users in a group name Sales when the users sign in from a trusted location. The policy is configured as shown in the exhibit. (Click the Exhibit tab.)

You create a compliance policy.
You need to ensure that the users are authenticated only if they are using a compliant device.
What should you configure in the conditional access policy?

• A.a condition
• B.a session control
• C.a cloud app
• D.a grant control

Comment: *

Name: *

Email: *

Verification: *

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to configure an Intune device configuration profile to meet the following requirements:
* Prevent Microsoft Office applications from launching child processes.
* Block users from transferring files over FTP.
Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

References:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

Comment: *

Name: *

Email: *

Verification: *