Which additional port should you open?
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.
Users must be able to sign in to Office 365 by using their AD DS credentials.
Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access local attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
General
You deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.
Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.
Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) application.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to configure Azure Active Directory (AD) Connect Health.
Which additional port should you open?
You need to monitor the company’s environment according…
HOTSPOT
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.
User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.
Users must be able to sign in to Office 365 by using their AD DS credentials.
Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access local attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
General
You deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.
Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) application.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to monitor the company’s environment according to the technical requirements.
What should you do? To answer, select the appropriate option from each list in the answer area.
Hot Area:
How should you configure the Group Policy Objects (GPOs)?
HOTSPOT
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explorethe content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.
User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.
Users must be able to sign in to Office 365 by using their AD DS credentials.
Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access local attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
General
You deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.
Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) application.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to implement the required Group Policy settings.
How should you configure the Group Policy Objects (GPOs)? To answer, select the appropriate option from
each list in the answer area.
Hot Area:
Which recovery options should you implement?
HOTSPOT
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You mustmanage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.
User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.Users must be able to sign in to Office 365 by using their AD DS credentials.
Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access local attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
General
You deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.
Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.
Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) application.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to plan the backup and recovery options for the devices in the environment.
Which recovery options should you implement? To answer, select the appropriate option from each list in the
answer area.
Hot Area:
Which two actions should you perform?
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the timeprovided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.
User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.
Users must be able to sign in to Office 365 by using their AD DS credentials.Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access local attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
General
You deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.
Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.
Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) application.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to configure access for the contractors.
Which two actions should you perform? Each correct answer presents part of the solution.
Which actions should you perform?
This is a case study. Case studies are not timed separately. You can use as much exam times as you would
like to complete each case. However, there may be additional studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and tomake changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
You are the system administrator for an insurance company named Contoso, Ltd. The company has an onpremises Active Directory Services (AD DS) domain named contoso.com, and a Microsoft Office 365
environment. You deploy the following operating systems across the enterprise:
You configure removable storage usage auditing for all Dallas devices.
Contractors
You hire 25 contractors. The contractors must use their own devices to access Microsoft SharePoint Online
sites in the company’s Office 365 environment. They must use Windows BitLocker and store a recovery key in
Microsoft OneDrive.
User synchronization and authentication
You need to implement synchronization between the on-premises AD DS domain and the Office 365
environment. The solution must use the latest supported Microsoft technologies.
Users must be able to reset their own passwords by using the Microsoft Office 365 portal. When a user resets
their Office 365 password, the password for the user’s on-premises AD DS account must also reset.
Users must be able to sign in to Office 365 by using their AD DS credentials.
Security
You must prevent all users in Seattle except Sales users from using any removable devices. Sales users must
be able to fully access locally attached tape drives. Sales users must be prevented from writing to removable
drives.
Technical requirements
GeneralYou deploy a new application to the devices in Seattle. Sales department users in Seattle run an application
that only works on devices that run windows 7.
You deploy a new display driver to all devices in Dallas.
Backup and Recovery
You create system images for all devices that run Windows 7. You must create a new system image each time
you update these devices. You schedule file versioning for these devices to occur at 09:00 and 17:00 each day
on Monday through Friday.
All devices that run Windows 10 must back up the C:\\CompanyDoes folder to a network drive.
You must configure all devices that run Windows 8.1 to use a recovery drive.
Monitoring
You must review and take action on any alerts for Active Directory Federation Services (AD FS) applications.
You must create detailed views of AD FS log on patterns. You must minimize the number of open firewall ports.
You must monitor audit events for all devices used by the Marketing user group.
Problem Statements
User1 makes frequent changes to a Microsoft Excel workbook each day. Today at 12:00, User1 overwrites the
existing document on a device that runs Windows 7.
Users in Seattle report a variety of computer issues. You must use the quickest method to revert the devices to
a working state. Users in Dallas also report issues. You must correct the issues that are interfering with existing
applications or files.
A Sales department user overwrites a version of a Word document on their device.
You need to configure synchronization.
Which actions should you perform?
You need to configure the required security measures fo…
HOTSPOT
Overview
Background
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company
also designs, manufactures, and sells custom parts for jet aircraft. The custom parts business is growing
rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations.
The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight
hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted inmissed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). The
subscription includes the MDM Authority and Terms and Conditions components. The company has deployed
the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector.
Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for
use while they are outside of the company network. The company plans to deploy the latest iOS devices for
Sales department users and Windows 10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department
users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for
iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file
share is configured with full control permissions. The company is concerned that users may be disrupted if they
are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be
able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and
must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly
confidential. You must restrict access to the app and the app’s data to only Engineering department users. The
app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run
Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The
application allows the company to manage the sales fulfillment process. It is also used to record customer
requests for new parts and services. You plan to publish the Product Request Program app in Azure
RemoteApp and configure access for users in the Engineering and Sales departments. This app is not
compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in
Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any
collaboration solution must be highly available and must be accessible from the internet. You must restrict
access to any shared files to prevent access.
You must restrict permissions to the Engineering file share. You must monitor access to the file share.
You must provide users in the Sales and Engineering departments access to the following resources:
Corporate email
File Shares hosted in Microsoft SharePoint Online
The Product Request Program app
Technical Requirements
You have the following technical requirements:
Allow all Sales department users to enroll iOS devices for device management and enableencryptednotifications to the devices.
Employees must be able to access company resources without having to manually install certificates or
using an out-of-band process.
Employees must only access corporate resources from devices that comply with the company’s security
policies.
Mobile device protection policies
All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity
rules.
You must clear all corporate data from a mobile device when the number of repeated log on failures is more
than 10.
All devices must be protected from data loss in the event that a device is lost or damaged.
Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
Users must not be challenged for credentials after they initially enroll a device in Intune.
Users must be able to access corporate email on enrolled Windows 10 devices.
Devices must be automatically updated when an update is available. You must configure the Intune agent to
prompt for restart no more than one time during normal business hours. System restarts to complete update
installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new
projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and
Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30
minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has
released a patch to address the vulnerability. The Security department has issued a service announcement.
They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.
You need to configure the required security measures for the sales department mobile devices.
What should you do? To answer, select the appropriate action from each list in the answer area. Each correct
answer is worth one point.
Hot Area:
Which action should you perform to complete each task?
HOTSPOT
Overview
Background
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company
also designs, manufactures, and sells custom parts for jet aircraft. The custom parts business is growing
rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations.
The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight
hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted in
missed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). Thesubscription includes the MDM Authority and Terms and Conditions components. The company has deployed
the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector.
Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for
use while they are outside of the company network. The company plans to deploy the latest iOS devices for
Sales department users and Windows 10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department
users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for
iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file
share is configured with full control permissions. The company is concerned that users may be disrupted if they
are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be
able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and
must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly
confidential. You must restrict access to the app and the app’s data to only Engineering department users. The
app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run
Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The
application allows the company to manage the sales fulfillment process. It is also used to record customer
requests for new parts and services. You plan to publish the Product Request Program app in Azure
RemoteApp and configure access for users in the Engineering and Sales departments. This app is not
compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in
Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any
collaboration solution must be highly available and must be accessible from the internet. You must restrict
access to any shared files to prevent access.
You must restrict permissions to the Engineering file share. You must monitor access to the file share.
You must provide users in the Sales and Engineering departments access to the following resources:
Corporate email
File Shares hosted in Microsoft SharePoint Online
The Product Request Program app
Technical Requirements
You have the following technical requirements:
Allow all Sales department users to enroll iOSdevices for device management and enable encrypted
notifications to the devices.
Employees must be able to access company resources without having to manually install certificates or
using an out-of-band process.
Employees must only access corporate resources from devices that comply with the company’s securitypolicies.
Mobile device protection policies
All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity
rules.
You must clear all corporate data from a mobile device when the number of repeated log on failures is more
than 10.
All devices must be protected from data loss in the event that a device is lost or damaged.
Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
Users must not be challenged for credentials after they initially enroll a device in Intune.
Users must be able to access corporate email on enrolled Windows 10 devices.
Devices must be automatically updated when an update is available. You must configure the Intune agent to
prompt for restart no more than one time during normal business hours. System restarts to complete update
installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new
projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and
Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30
minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has
released a patch to address the vulnerability. The Security department has issued a service announcement.
They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.
You need to configure access to the custom inventory app for Sales department users.
Which action should you perform to complete each task? To answer, select the appropriate action for each task
in the answer area.
Hot Area:
which three steps should you perform in sequence?
DRAG DROPOverview
Background
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company
also designs, manufactures, and sells custom parts for jet aircraft. The custom parts business is growing
rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations.
The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight
hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted in
missed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). The
subscription includes the MDM Authority and Terms and Conditions components. The company has deployed
the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector.
Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for
use while they are outside of the company network. The company plans to deploy the latest iOS devices for
Sales department users and Windows 10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department
users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for
iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file
share is configured with full control permissions. The company is concerned that users may be disrupted if they
are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be
able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and
must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly
confidential. You must restrict access to the app and the app’s data to only Engineering department users. The
app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run
Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The
application allows the company to manage the sales fulfillment process. It is also used to record customer
requests for new parts and services. You plan to publish the Product Request Program app in Azure
RemoteApp and configure access for users in the Engineering and Sales departments. This app is not
compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in
Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any
collaboration solution must be highly available and must be accessible from the internet. You must restrict
access to any shared files to prevent access.You must restrict permissions to the Engineering file share. You must monitor access to the file share.
You must provide users in the Sales and Engineering departments access to the following resources:
Corporate email
File Shares hosted in Microsoft SharePoint Online
The Product Request Program app
Technical Requirements
You have the following technical requirements:
Allow all Sales department users to enroll iOS devices for device management andenable encrypted
notifications to the devices.
Employees must be able to access company resources without having to manually install certificates or
using an out-of-band process.
Employees must only access corporate resources from devices that comply withthe company’s security
policies.
Mobile device protection policies
All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity
rules.
You must clear all corporate data from a mobile device when the number of repeated log on failures is more
than 10.
All devices must be protected from data loss in the event that a device is lost or damaged.
Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
Users must not be challenged for credentials after they initially enroll a device in Intune.
Users must be able to access corporate email on enrolled Windows 10 devices.
Devices must be automatically updated when an update is available. You must configure the Intune agent to
prompt for restart no more than one time during normal business hours. System restarts to complete update
installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new
projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and
Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30
minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has
released a patch to address the vulnerability. The Security department has issued a service announcement.
They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.
You need to configure the phones for the Sales department users.
In the Intune administration portal, which three steps should you perform in sequence? To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
which four actions should you perform in sequence?
DRAG DROP
OverviewBackground
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company
also designs, manufactures, and sells custom parts for jet aircraft. The custom parts business is growing
rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations.
The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight
hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted in
missed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). The
subscription includes the MDM Authority and Terms and Conditions components. The company has deployed
the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector.
Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for
use while they are outside of the company network. The company plans to deploy the latest iOS devices for
Sales department users and Windows 10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department
users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for
iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file
share is configured with full control permissions. The company is concerned that users may be disrupted if they
are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be
able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and
must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly
confidential. You must restrict access to the app and the app’s data to only Engineering department users. The
app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run
Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The
application allows the company to manage the sales fulfillment process. It is also used to record customer
requests for new parts and services. You plan to publish the Product Request Program app in Azure
RemoteApp and configure access for users in the Engineering and Sales departments. This app is not
compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in
Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any
collaboration solution must be highly available and must be accessible from the internet. You must restrict
access to any shared files to prevent access.
You must restrict permissions to the Engineering file share. You must monitor access to the file share.You must provide users in the Sales and Engineering departments access to the following resources:
Corporate email
File Shares hosted inMicrosoft SharePoint Online
The Product Request Program app
Technical Requirements
You have the following technical requirements:
Allow all Sales department users to enroll iOS devices for device management and enable encrypted
notifications to thedevices.
Employees must be able to access company resources without having to manually install certificates or
using an out-of-band process.
Employees must only access corporate resources from devices that comply with the company’s security
policies.
Mobile device protection policies
All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity
rules.
You must clear all corporate data from a mobile device when the number of repeated log on failures is more
than 10.
All devices must be protected from data loss in the event that a device is lost or damaged.
Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
Users must not bechallenged for credentials after they initially enroll a device in Intune.
Users must be able to access corporate email on enrolled Windows 10 devices.
Devices must be automatically updated when an update is available. You must configure the Intune agentto
prompt for restart no more than one time during normal business hours. System restarts to complete update
installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new
projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and
Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30
minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has
released a patch to address the vulnerability. The Security department has issued a service announcement.
They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.
You need to configure the mobile devices for the Engineering department users.
In the Microsoft Intune administration portal, which four actions should you perform in sequence? To answer,
move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
