Question 1easymultiple choice
Read the full Protect devices explanation →MD-102 Protect devices • Complete Question Bank
Complete MD-102 Protect devices question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```json
{
"compliancePolicy": {
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"requireHealthyDeviceReport": false,
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": null,
"mobileOsMinimumVersion": null,
"storageRequireEncryption": true
}
}
```Refer to the exhibit.
```json
{
"enrollmentStatusPage": {
"@odata.type": "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration",
"showInstallationProgress": true,
"blockDeviceSetupRetryByUser": true,
"allowDeviceResetOnInstallFailure": true,
"allowDeviceUseOnInstallFailure": false,
"installProgressTimeoutInMinutes": 60,
"trackInstallProgressForAutopilotOnly": true
}
}
```Refer to the exhibit.
```json
{
"microsoft365BusinessVoice": {
"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
"telemetryLevel": "1 - Basic",
"enableDeviceManufacturer": "Contoso",
"enableDeviceModel": "Surface Pro 7",
"enableDeviceName": "LAPTOP-01",
"enableDeviceOSVersion": true,
"enableDeviceOSBuild": true,
"enableDeviceSerialNumber": true,
"enableDeviceIMEI": null
}
}
```Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"requireHealthyDevice": false,
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.19043.0",
"mobileOsMinimumVersion": null,
"mobileOsMaximumVersion": null,
"earlyLaunchAntiMalwareDriverEnabled": true,
"bitLockerEnabled": true,
"secureBootEnabled": true,
"codeIntegrityEnabled": true,
"storageRequireEncryption": true,
"activeFirewallRequired": true,
"defenderEnabled": true,
"defenderVersion": "1.1.1800.0",
"signatureOutOfDate": false,
"rtpEnabled": true
}Refer to the exhibit.
$devices = Get-MgDeviceManagementManagedDevice
foreach ($device in $devices) {
if ($device.DeviceType -eq 'WindowsRT' -or $device.DeviceType -eq 'WindowsMobile') {
Write-Output "Device $($device.DeviceName) is not supported for compliance."
}
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10ConfigurationPolicy",
"displayName": "Custom Policy",
"omaSettings": [
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Enable telemetry",
"description": null,
"omaUri": "./Vendor/MSFT/Policy/Config/System/AllowTelemetry",
"value": "2"
},
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Disable Cortana",
"description": null,
"omaUri": "./Vendor/MSFT/Policy/Config/Experience/AllowCortana",
"value": "0"
}
]
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequiredType": "deviceDefault",
"requireSecureBoot": true,
"requireDeviceEncryption": true,
"requireCodeIntegrity": true
}Refer to the exhibit.
```
$devices = Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'"
foreach ($device in $devices) {
$compliance = Get-MgDeviceManagementDeviceCompliancePolicySettingStateSummary -ManagedDeviceId $device.Id
Write-Output $device.DeviceName
$compliance.SettingStates | Where-Object {$_.SettingName -eq "Encryption"} | Select-Object State
}
```Refer to the exhibit.
```kusto
DeviceEvents
| where Timestamp > ago(7d)
| where DeviceName in ('PC001', 'PC002')
| where ActionType == 'AntivirusDetection'
| summarize DetectionCount = count() by DeviceName
| where DetectionCount > 0
```Refer to the exhibit.
```json
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"requireHealthyDeviceReport": true,
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.22621.0",
"mobileOsMinimumVersion": null,
"mobileOsMaximumVersion": null,
"earlyLaunchAntiMalwareDriverEnabled": true,
"bitLockerEnabled": true,
"secureBootEnabled": true,
"codeIntegrityEnabled": true,
"storageRequireEncryption": true
}
```Refer to the exhibit.
```powershell
Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'" |
Where-Object {$_.complianceState -eq 'noncompliant'} |
Select-Object id, deviceName, complianceState
```Refer to the exhibit.
```json
{
"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
"firewallRules": [
{
"@odata.type": "#microsoft.graph.windowsFirewallRule",
"displayName": "Allow RDP",
"direction": "inbound",
"protocol": "tcp",
"localPortRanges": ["3389"],
"action": "block"
}
],
"defenderDetectedMalwareActions": {
"highSeverity": "block",
"moderateSeverity": "clean",
"lowSeverity": "allow"
}
}
```Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
"defenderDetectedMalwareActions": {
"highSeverity": "clean",
"moderateSeverity": "quarantine",
"lowSeverity": "block"
},
"defenderScanType": "quick",
"defenderScheduleScanDay": 4,
"defenderScheduleScanTime": "02:00:00"
}Refer to the exhibit. $device = Get-MgDeviceManagementManagedDevice -ManagedDeviceId "12345678-1234-1234-1234-123456789012" $device.ComplianceState Output: "Noncompliant" $device.GetCompliancePolicyNonComplianceReasons() Output: "RequireEncryption"
Refer to the exhibit.
Device configuration profile:
{
"@odata.type": "#microsoft.graph.windows10CustomConfiguration",
"omaSettings": [
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Disable Lock Screen Camera",
"description": null,
"omaUri": "./Vendor/MSFT/Policy/Config/DeviceLock/PreventLockScreenCamera",
"value": "1"
}
]
}Refer to the exhibit.
Exhibit (Intune JSON policy snippet):
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Company compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequiredType": "deviceDefault",
"passwordMinutesOfInactivityBeforeLock": 15,
"passwordExpirationDays": 90,
"passwordPreviousPasswordBlockCount": 5,
"requireHealthyUntrustedEndorsementCertificate": false,
"requireHealthyTrustedEndorsementCertificate": false,
"tpmRequired": false,
"secureBootEnabled": true,
"codeIntegrityEnabled": true,
"earlyLaunchAntiMalwareDriverEnabled": true,
"deviceThreatProtectionEnabled": false,
"deviceThreatProtectionRequiredSecurityLevel": "unavailable",
"configurationManagerComplianceRequired": false
}Refer to the exhibit.
Exhibit (Intune JSON configuration policy snippet):
{
"@odata.type": "#microsoft.graph.windows10CustomConfiguration",
"omaSettings": [
{
"@odata.type": "#microsoft.graph.omaSettingString",
"displayName": "Disable Telemetry",
"description": null,
"omaUri": "./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry",
"value": "0"
}
]
}Refer to the exhibit. Exhibit (PowerShell output from Get-MgDeviceManagementDeviceConfiguration): Id DisplayName AssignmentStatus -- ----------- ---------------- d36f8c2a-1234-5678-9abc-def012345678 Windows Defender AV Success b7a1c3d4-5678-90ab-cdef-1234567890ab BitLocker Policy Pending f8e7d6c5-4321-0fed-cba9-876543210abc Firewall Rules Error
Refer to the exhibit. Exhibit (KQL query from Microsoft Defender XDR): DeviceInfo | where Timestamp > ago(7d) | where DeviceName contains "CONTOSO-LAPTOP" | project Timestamp, DeviceName, OSPlatform, OSVersion, IsAzureADJoined, RiskScore | order by Timestamp desc
Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"passwordRequiredType": "deviceDefault",
"osMinimumVersion": "10.0.19041.0",
"osMaximumVersion": "10.0.19045.0",
"earlyLaunchAntimalwareDriverEnabled": true,
"secureBootEnabled": true,
"tpmRequired": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "medium"
}Refer to the exhibit. PowerShell output: PS C:\> Get-IntuneManagedDevice -DeviceName "DESKTOP-1234" | Select-Object -Property complianceState, lastSyncDateTime, managementAgent, azureADDeviceId complianceState : noncompliant lastSyncDateTime : 2025-12-01T10:30:00Z managementAgent : mdm azureADDeviceId : a1b2c3d4-e5f6-7890-abcd-ef1234567890
Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Require BitLocker",
"bitLockerEnabled": true,
"bitLockerRemovableDrivesEncryptionRequired": true,
"bitLockerRecoveryPasswordRotation": "enabled"
}Refer to the exhibit.
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"description": "Windows 10 compliance policy",
"passwordRequired": true,
"passwordMinimumLength": 8,
"passwordRequiredType": "alphanumeric",
"osMinimumVersion": "10.0.19045.0",
"osMaximumVersion": "10.0.22621.0",
"storageRequireEncryption": true,
"activeFirewallRequired": true,
"defenderEnabled": true
}{
"csp": "./Device/Vendor/MSFT/DMClient/Provider/MS DM Server/CheckInURL",
"value": "https://manage.microsoft.com/EnrollmentServer/Discovery.svc"
}{
"compliancePolicies": [
{
"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
"passwordRequired": true,
"passwordMinimumLength": 6,
"requireDeviceEncryption": true,
"requireSecureBoot": true,
"requireCodeIntegrity": true
}
]
}