DRAG DROP
OverviewBackground
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company
also designs, manufactures, and sells custom parts for jet aircraft. The custom parts business is growing
rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations.
The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight
hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted in
missed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). The
subscription includes the MDM Authority and Terms and Conditions components. The company has deployed
the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector.
Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for
use while they are outside of the company network. The company plans to deploy the latest iOS devices for
Sales department users and Windows 10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department
users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for
iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file
share is configured with full control permissions. The company is concerned that users may be disrupted if they
are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be
able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and
must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly
confidential. You must restrict access to the app and the app’s data to only Engineering department users. The
app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run
Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The
application allows the company to manage the sales fulfillment process. It is also used to record customer
requests for new parts and services. You plan to publish the Product Request Program app in Azure
RemoteApp and configure access for users in the Engineering and Sales departments. This app is not
compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in
Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any
collaboration solution must be highly available and must be accessible from the internet. You must restrict
access to any shared files to prevent access.
You must restrict permissions to the Engineering file share. You must monitor access to the file share.You must provide users in the Sales and Engineering departments access to the following resources:
Corporate email
File Shares hosted inMicrosoft SharePoint Online
The Product Request Program app
Technical Requirements
You have the following technical requirements:
Allow all Sales department users to enroll iOS devices for device management and enable encrypted
notifications to thedevices.
Employees must be able to access company resources without having to manually install certificates or
using an out-of-band process.
Employees must only access corporate resources from devices that comply with the company’s security
policies.
Mobile device protection policies
All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity
rules.
You must clear all corporate data from a mobile device when the number of repeated log on failures is more
than 10.
All devices must be protected from data loss in the event that a device is lost or damaged.
Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
Users must not bechallenged for credentials after they initially enroll a device in Intune.
Users must be able to access corporate email on enrolled Windows 10 devices.
Devices must be automatically updated when an update is available. You must configure the Intune agentto
prompt for restart no more than one time during normal business hours. System restarts to complete update
installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new
projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and
Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30
minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has
released a patch to address the vulnerability. The Security department has issued a service announcement.
They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.
You need to configure the mobile devices for the Engineering department users.
In the Microsoft Intune administration portal, which four actions should you perform in sequence? To answer,
move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
https://docs.microsoft.com/en-us/intune/deploy-use/configure-intune-certificate-profiles
Answer:
1. Export the Blue Yonder root certificate
2. Create a Trusted Certificate Profile for Windows 8.1 and later devices
3. Create a Simple Certificate Enrollment Protocol profile for Windows 8.1 and later devices
4. Deploy the profiles to the Engineering group