User Profile
LK7313
Copper Contributor
Joined 3 years ago
User Widgets
Recent Discussions
Understanding a Compliance Policy Question
Hello, I have been studying for the MD-101, and have been going through a number of practice tests. I am wracking my brain to try and understand why I got this question wrong. Could someone explain why my thinking is incorrect? Here is the question: ---------------------------------------- You have the following device compliance policies within Intune: Name Type Encryption Windows Defender Antimalware Mark device as not compliant Assigned to Policy1 Windows 8 Require Not applicable 5 days Group1 Policy2 Windows 10 Not configured Require 7 Days Group2 Policy3 Windows10 Required Require 10 Days Group2 The Intune Compliance policy settings are configured as follows: Mark Devices with no compliance policy assigned as: Not Compliant Enhanced jailbreak detection: Disabled Compliance status validity period (days): 30 On June 1st, you enroll Windows 10 devices in Intune as shown in the following table. Name Use Bitlocker Drive Encryption (Bitlocker) Windows Defender Member of Device1 No Enabled Group1 Device2 No Enabled Group2 Questions: On June 4th, Device1 is marked as compliant. Yes/No On June 6th, Device 1 is marked as compliant. Yes/No On June 9th Device2 is marked as compliant. Yes/No ------------------------------------ Unless I am thinking about the 'Mark device as not compliant' incorrectly, I would think that on June 4th, Device1 would be marked as compliant. Device1 is a member of Group1, which has Policy1 assigned to it. Policy1 requires encryption, so Device1 would be considered non-compliant but only after 5 days have passed.Therefore, on June 4th, the device would still be considered compliant. Practice test says the device would be marked as non-compliant on June 4th, despite the 5 days not having fully passed. The device being marked as non-compliant in the second question makes more sense, since by June 6th, 5 days have passed since the compliance policy was applied. For the last question, the practice test says Device 2 would be marked as non-compliant on June 9th. Device2 is in Group2, which has both Policy2 and Policy3 applying to it. 8 days have passed since the policies were applied, enough for any devices that don't fulfill Policy2's conditions to be marked as not compliant. However, Device2 meets the requirements and can be considered complaint regardless. Policy3 on the other hand, requires encryption, which Device2 does not have. But since devices will only be marked as not compliant by that policy after a 10 day grace period, it would still be considered complaint until a few more days pass. If either Policy2 OR Policy3 marked Device2 as non-compliant, the device would be considered non-complaint as a whole. But with my thinking, on June 9th, both policies would consider the device as compliant. The answer sheet disagrees with me. What am I misunderstanding about how these policies are applied? Thank you for the help.1.9KViews0likes1Comment
Groups
Recent Blog Articles
No content to show