Question 1mediummultiple choice
Read the full Manage and maintain devices explanation →MD-102 Manage and maintain devices • Complete Question Bank
Complete MD-102 Manage and maintain devices question bank — all 0 questions with answers and detailed explanations.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Device compliance policy for Windows 10 devices",
"displayName": "Windows 10 Compliance Policy v2",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequiredType": "deviceDefault",
"passwordMinutesOfInactivityBeforeLock": 15,
"storageRequireEncryption": true,
"activeFirewallRequired": true,
"defenderEnabled": true,
"defenderVersion": "4.18.2207.7",
"osMinimumVersion": "10.0.19042.0",
"osMaximumVersion": "10.0.22621.0"
}Get-IntuneManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, lastSyncDateTime, complianceState
{
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"displayName": "Windows 10 Security Baselines",
"privacy": {
"advertisingId": "disabled",
"enableEnhancedSafeguards": true
},
"defender": {
"detectionFrequency": 2,
"realTimeProtection": true,
"cloudBlockLevel": "high"
},
"windowsUpdate": {
"activeHoursStart": "08:00",
"activeHoursEnd": "17:00",
"updateNotificationLevel": "defaultNotifications"
}
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.22621.0",
"storageRequireEncryption": true
}Refer to the exhibit. PS C:\> Get-IntuneManagedDevice -DeviceName "PC-001" | Select-Object -Property DeviceName, OSVersion, LastSyncDateTime, ComplianceState, EnrollmentType DeviceName OSVersion LastSyncDateTime ComplianceState EnrollmentType ---------- --------- ---------------- --------------- -------------- PC-001 10.0.19044.0 2025-03-15T10:30:00Z compliant MDM
Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10EnrollmentConfigurationTemplate",
"displayName": "Bulk Enrollment Token",
"expirationDateTime": "2025-06-01T00:00:00Z",
"tokenType": "bulkEnrollment",
"scopeTags": []
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"passwordMinutesOfInactivityBeforeLock": 15,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.22621.0",
"storageRequireEncryption": true
}{
"deviceId": "12345",
"deviceName": "CONTOSO-PC",
"managedDeviceOwnerType": "company",
"enrolledDateTime": "2025-01-15T10:00:00Z",
"lastSyncDateTime": "2025-02-10T08:00:00Z",
"operatingSystem": "Windows",
"complianceState": "noncompliant",
"complianceGracePeriodExpirationDateTime": "2025-02-20T10:00:00Z",
"userPrincipalName": "user@contoso.com"
}{
"deviceId": "67890",
"deviceName": "SALES-LAPTOP",
"operatingSystem": "Windows",
"osVersion": "10.0.22621.0",
"complianceState": "compliant",
"lastSyncDateTime": "2025-03-01T12:00:00Z",
"enrolledDateTime": "2025-02-01T09:00:00Z",
"userPrincipalName": "sales@contoso.com"
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequireComplexity": "required",
"passwordExpirationDays": 90,
"secureBootEnabled": true,
"tpmEnabled": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "medium"
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CustomConfiguration",
"omaSettings": [
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Custom ADMX setting",
"description": "Enables feature XYZ",
"omaUri": "./Device/Vendor/MSFT/Policy/Config/ADMX_Custom/Policy_XYZ",
"value": "1"
}
]
}The above PowerShell cmdlet returns the following output:
DeviceName: LAPTOP001 LastSyncDateTime: 2025-03-15T08:30:00Z ComplianceState: noncompliant ManagementState: managed OSVersion: 10.0.19044.1288
The device last synced 3 days ago. What is the most likely reason for the noncompliant status?
Refer to the exhibit. Get-IntuneManagedDevice -DeviceName "LAPTOP001" | Select-Object -Property DeviceName, LastSyncDateTime, ComplianceState, ManagementState, OSVersion
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.22621.0",
"storageRequireEncryption": true,
"activeFirewallRequired": true,
"defenderEnabled": true
}{
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"defenderDetectedMalwareActions": {
"lowSeverity": "clean",
"moderateSeverity": "clean",
"highSeverity": "block",
"severeSeverity": "block"
},
"defenderCloudBlockLevel": "high",
"defenderPromptForSampleSubmission": "alwaysPrompt",
"defenderPUAProtection": "enabled"
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.22621.0",
"storageRequireEncryption": true,
"activeFirewallRequired": true,
"defenderEnabled": true
}{
"@odata.type": "#microsoft.graph.windows10CustomConfiguration",
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "Custom OMA-URI Policy",
"omaSettings": [
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Disable Telemetry",
"omaUri": "./Vendor/MSFT/Policy/Config/System/AllowTelemetry",
"value": "0"
},
{
"@odata.type": "#microsoft.graph.omaSettingInteger",
"displayName": "Max Inactivity Timeout",
"omaUri": "./Vendor/MSFT/Policy/Config/DeviceLock/DeviceLockMaxInactivityTimeAllow",
"value": "300"
}
]
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"displayName": "Windows 10 Compliance",
"requireDeviceEncryption": true,
"requireSecureBoot": true,
"requireCodeIntegrity": true,
"passwordRequired": true,
"passwordMinimumLength": 8
}Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, enrolledDateTime, lastSyncDateTime, complianceState
{
"enrollmentTimeDeviceMembershipLimit": 15,
"reusableGroupSetting": {
"@odata.type": "#microsoft.graph.deviceManagementReusableGroupSetting",
"id": "reusable-group-id",
"displayName": "All Windows Devices"
},
"scopeTagIds": ["default"]
}Get-IntuneManagedDevice -Filter "(operatingSystem eq 'Windows') and (lastSyncDateTime lt '2025-01-01T00:00:00Z')"
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19041.0"
}{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/managedDevices/$entity",
"id": "12345678-1234-1234-1234-123456789012",
"deviceName": "LAPTOP01",
"operatingSystem": "Windows",
"complianceState": "compliant",
"lastSyncDateTime": "2025-12-01T10:30:00Z",
"userPrincipalName": "user@contoso.com",
"enrolledDateTime": "2025-11-15T08:00:00Z",
"managementAgent": "mdm"
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequireToUnlockFromIdle": true,
"passwordMinutesOfInactivityBeforeLock": 5,
"requireActiveFirewall": true,
"requireAntivirus": true,
"requireDefender": true
}{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Intune/configurationPolicies",
"apiVersion": "2025-05-01",
"name": "Win10-Security-Baseline",
"properties": {
"templateReference": {
"templateId": "Microsoft.Windows10.SecurityBaseline"
},
"settings": [
{
"settingInstance": {
"choiceSettingValue": {
"value": "Microsoft.Windows10.SecurityBaseline.BlockUserFromModifyingAccountPolicies"
}
}
}
]
}
}
]
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy requiring encryption",
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "high",
"bitLockerEnabled": true,
"storageRequireEncryption": true,
"passwordRequired": true,
"passwordMinimumLength": 6
}Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, complianceState, lastSyncDateTime
{
"@odata.type": "#microsoft.graph.windowsUpdateForBusinessConfiguration",
"updateClassification": "all",
"automaticUpdateMode": "autoInstallAndRebootWithEndUserControl",
"businessReadyUpdatesOnly": "all",
"featureUpdateDeferralPeriodInDays": 30,
"qualityUpdateDeferralPeriodInDays": 7
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Require BitLocker and Secure Boot",
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "medium",
"bitLockerEnabled": true,
"secureBootEnabled": true,
"osMinimumVersion": "10.0.19042.0"
}Get-MgDeviceManagementManagedDevice -ManagedDeviceId "12345678-1234-1234-1234-123456789012" | Select-Object -Property DeviceName, OperatingSystem, ComplianceState, LastSyncDateTime
{
"@odata.type": "#microsoft.graph.windows10UpdateRingConfiguration",
"updateNotificationLevel": "2",
"featureUpdateDeferralInDays": 30,
"qualityUpdateDeferralInDays": 7,
"automaticUpdateBehavior": "autoInstallAndRebootWithEndUserControl"
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 11 compliance policy",
"displayName": "Win11 Compliance Policy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordMinutesOfInactivityBeforeLock": 15,
"osMinimumVersion": "10.0.22621.0",
"osMaximumVersion": "10.0.22621.1000",
"tpmRequired": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "medium"
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"displayName": "Windows 11 Security Baseline",
"description": "Custom security settings",
"passwordRequire": true,
"passwordMinimumLength": 10,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 24,
"passwordMinutesOfInactivityBeforeScreenTimeout": 15,
"allowCopyPaste": false,
"allowCamera": false,
"allowBluetooth": false,
"allowVPNOverCellular": false,
"allowStorageCard": false,
"allowWiFi": true
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"displayName": "Win11 Compliance",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordMinutesOfInactivityBeforeLock": 5,
"osMinimumVersion": "10.0.22000.0",
"osMaximumVersion": "10.0.22621.1000",
"storageRequireEncryption": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "high"
}{
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "Windows 10 Security Baseline",
"description": "Custom security settings",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"passwordRequiredType": "alphanumeric",
"passwordSignInFailureCountBeforeReset": 10,
"passwordBlockSimple": true,
"bitLockerEncryptionMethod": "aes256",
"bitLockerDisableWarningForOtherDiskEncryption": false
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "numeric",
"requireDeviceEncryption": true,
"firewallEnabled": true,
"antivirusEnabled": true,
"antispywareEnabled": true,
"tpmRequired": true
}{
"appName": "Microsoft Edge",
"appVersion": "96.0.1054.62",
"channel": "Stable",
"assignment": {
"intent": "required",
"installationPurpose": "system",
"settings": {
"uninstallPrevious": true
}
}
}{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Require BitLocker and Secure Boot",
"passwordRequired": true,
"passwordMinimumLength": 6,
"requireDeviceEncryption": true,
"secureBootEnabled": true,
"tpmRequired": true,
"roleScopeTagIds": ["0"],
"id": "00000000-0000-0000-0000-000000000001"
}{
"value": [
{
"@odata.type": "#microsoft.graph.managedDevice",
"id": "12345678-1234-1234-1234-123456789012",
"deviceName": "DESKTOP-ABC123",
"operatingSystem": "Windows",
"osVersion": "10.0.19045.3803",
"complianceState": "noncompliant",
"lastSyncDateTime": "2025-03-15T10:30:00Z",
"enrolledDateTime": "2025-01-10T08:00:00Z"
}
]
}{
"properties": {
"displayName": "Win32 App Deployment",
"description": "Deploy custom script",
"publisher": "Contoso",
"installExperience": "system",
"requirementRule": {
"@odata.type": "#microsoft.graph.win32LobAppRequirement",
"operator": "greaterThanOrEqual",
"value": "10.0.19041"
},
"detectionRule": {
"@odata.type": "#microsoft.graph.win32LobAppDetection",
"path": "C:\\Program Files\\Contoso\\App.exe",
"fileOrFolderName": "App.exe",
"check32BitOn64System": false
},
"installCommandLine": "setup.exe /silent",
"uninstallCommandLine": "setup.exe /uninstall"
}
}Refer to the exhibit.
```json
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordMinutesOfInactivityBeforeLock": 15,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19042.0",
"osMaximumVersion": "10.0.19044.0",
"storageRequireEncryption": true
}
```Refer to the exhibit.
```json
{
"@odata.type": "#microsoft.graph.windowsUpdateForBusinessConfiguration",
"deliveryOptimizationMode": "httpOnly",
"microsoftUpdateServiceAllowed": true,
"automaticUpdateMode": "autoInstallAndRebootWithWarning",
"qualityUpdateDeferralPeriodInDays": 0,
"featureUpdateDeferralPeriodInDays": 30
}
```Refer to the exhibit.
```json
{
"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
"defenderBlockOnAccessProtection": true,
"defenderScheduleScanDay": "everyday",
"defenderScanType": "quick",
"defenderCloudBlockLevel": "high",
"defenderPUAProtection": "enabled",
"defenderRealTimeScanDirection": "monitorAllFiles"
}
```{
"exhibit": "{\"@odata.type\": \"#microsoft.graph.windows10CustomConfiguration\",\"id\": \"c045a8a1-9e1a-4f1a-9c9a-4a7d7c6b3e2f\",\"omaSettings\": [{\"@odata.type\": \"#microsoft.graph.omaSettingString\",\"displayName\": \"Allow VPN over cellular\",\"omaUri\": \"./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowVPNOverCellular\",\"value\": \"0\"}]}"{
"exhibit": "From Microsoft Intune admin center > Devices > Windows > Update rings. Settings: \"Servicing channel\": \"Windows Insider - Dev\", \"Quality update deferral period (days)\": 0, \"Feature update deferral period (days)\": 0, \"Feature update uninstall period (days)\": 10, \"Automatic update behavior\": \"Auto install and restart at maintenance time\"}"{
"exhibit": "PowerShell command: Get-MgDeviceManagementManagedDevice -Filter \"operatingSystem eq 'Windows'\" | Select-Object id, deviceName, lastSyncDateTime, complianceState"}{
"exhibit": "KQL query in Microsoft Sentinel: DeviceInfo | where TimeGenerated > ago(7d) | where OSPlatform == 'Windows' | summarize TotalDevices = dcount(DeviceId) by DeviceName"}{
"Name": "Windows Update Ring - Pilot",
"Description": "Pilot ring for Windows feature updates",
"Type": "Update ring for Windows 10 and later",
"Properties": {
"updateNotificationLevel": "2",
"featureUpdateDeferralInDays": 30,
"featureUpdatePauseStartDate": null,
"qualityUpdateDeferralInDays": 7,
"qualityUpdatePauseStartDate": null,
"automaticUpdateBehavior": "4",
"activeHoursStart": "08:00",
"activeHoursEnd": "17:00"
}
}{
"DeviceFilter": {
"Name": "Windows 10 Pro devices",
"Rule": "(device.osVersion -startsWith \"10.0.1904\") and (device.deviceType -eq \"Windows\") and (device.skuFamily -eq \"Professional\")"
}
}{
"displayName": "Windows 10 Compliance Policy",
"scheduledActionsForRule": [
{
"ruleName": "PasswordRequired",
"scheduledActionConfigurations": [
{
"actionType": "block",
"gracePeriodHours": 0,
"notificationTemplateId": ""
}
]
}
],
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "low",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordMinutesOfInactivityBeforeLock": 5
}Get-DeviceManagement_ManagedDevices | Where-Object {$_.complianceState -eq 'noncompliant'} | Select-Object deviceName, lastSyncDateTime, complianceGracePeriodExpirationDateTime{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices/$entity",
"id": "12345678-1234-1234-1234-123456789012",
"deviceName": "DESKTOP-ABC123",
"operatingSystem": "Windows",
"osVersion": "10.0.22621.1",
"managementState": "managed",
"complianceState": "noncompliant",
"lastSyncDateTime": "2025-03-15T10:00:00Z",
"enrolledDateTime": "2025-01-01T08:00:00Z",
"ownerType": "company",
"userDisplayName": "John Doe"
}{
"compliancePolicies": [
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"displayName": "Windows Compliance Policy",
"description": "Requires BitLocker and antivirus",
"requireDeviceGuard": false,
"requireDefender": true,
"requireEncryption": true,
"passwordRequired": true,
"passwordMinimumLength": 6
}
],
"deviceConfigurationPolicies": [
{
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"displayName": "Windows Security Baseline",
"defender": {
"realTimeProtection": true,
"cloudBlockLevel": "high",
"scanParameter": "fullscan"
},
"bitLocker": {
"encryptionMethod": "AES256",
"requireStartupPin": false
}
}
]
}