ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 83 discussion

Actual exam question from Microsoft's MS-102
Question #: 83
Topic #: 1
[All MS-102 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The devices are configured as shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:

Assignments -
Users or workload identities: Group1
Cloud apps or actions: Office 365 SharePoint Online

Conditions -
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -startsWith "Device"

Access controls -

Grant -

Grant: Block access -

Session: 0 controls selected -

Enable policy: On -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by hogehogehoge at Aug. 24, 2023, 9:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amurp35
Highly Voted 1 year, 7 months ago
read the policy like this: "exclude from the block if the device starts with "device"". The first device is not registered. It is not, therefore, excluded from the block as it is not analyzed. It is blocked. The next two devices, however, are excluded from the block. N/Y/Y
upvoted 60 times
Khanbaba43
8 months, 2 weeks ago
Amurp35, You should take up teaching as a profession. *thumbs up*
upvoted 1 times
...
Paul_white
1 year, 7 months ago
MY BROTHER YOU ARE TOO GOOD!!!!! EXCELLENT RESPONSE
upvoted 7 times
...
ghjbhj
1 year, 7 months ago
Correct, https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices#policy-behavior-with-filter-for-devices Unregistered device + positive operators = filter not applied If the filter does not apply, the device is not excepted from the block policy and is therefor blocked. N/Y/Y
upvoted 6 times
Motanel
1 year ago
But if the filter is not applied, then the default will be applied, which is allow, right?
upvoted 1 times
...
...
ThomasMcThomasface
1 year, 6 months ago
This translation is so very useful to me. Thank you so much. We need more people like you
upvoted 2 times
...
...
EubertT
Most Recent 3 weeks ago
Access Evaluation: User1 can access Site1 from Device1 User1 is in Group1 Device1 is not Azure AD joined, thus not excluded → Blocked ✅ Answer: No User2 can access Site1 from Device2 User2 is in Group1 Device2 is Azure AD joined and matches exclusion filter → Allowed ✅ Answer: Yes User2 can access Site1 from Device3 Device3 is Registered (not joined), not excluded User2 is in Group1 → Blocked by policy ✅ Answer: No ✅ Final Answers: User1 can access Site1 from Device1 → No User2 can access Site1 from Device2 → Yes User2 can access Site1 from Device3 → No ______________________________________________
upvoted 1 times
...
Khanbaba43
8 months ago
Exlude filtered devices. 1. Device 1 not filtered and is not excluded from the block, hence blocked and CANNOT access the site. 2. Dev 2 & 3 are filtered and are excluded from the block, hence not blocked and CAN access the site.
upvoted 1 times
...
Khanbaba43
8 months, 2 weeks ago
User1: Is not excluded from the block, so the block stays, hence can't access Site1. User2 & User3: Are excluded from the block, so no block applied, hence they can access Site1. My answer: NYY
upvoted 1 times
...
Moazzamfarooqiiii
1 year, 2 months ago
All the devices are called Device so there is a filter to exclude device. They all have device name So does that not mean YYY
upvoted 1 times
...
692a0df
1 year, 3 months ago
Y/Y/Y for me... First one: my reading on this - as the device is not registered in Azure AD then the CAP does not apply. Then it's down to the Global settings (Sharepoint Admin -> Policies -> Access Control -> Unmanaged Device) for unmanaged devices (see link) which by default is set to 'Allow full access'. https://learn.microsoft.com/en-US/sharepoint/control-access-from-unmanaged-devices?WT.mc_id=365AdminCSH_spo
upvoted 2 times
SBGM
1 year, 3 months ago
CA Policy does apply to every user, and because the device is unregistered it is not query'd for it's name so the policy does NOT filter him out, meaning the device will be blocked.
upvoted 1 times
...
...
daye
1 year, 5 months ago
but... a non Azure AD device cannot be applied by a Conditional Access, therefore it won't validate it, so it won't be blocked. In other words, it's a cloud solution for a non cloud identity device. Am I missing something?
upvoted 1 times
daye
1 year, 5 months ago
ah ok, I just get the ghjbhj comment. Unregistered device + positive operators = filter not applied = blocked
upvoted 1 times
...
...
hogehogehoge
1 year, 8 months ago
This answer is correct. Device1 is not registerd in Azure AD. In this case, Device filter is not enable. So Device1 is blocked.
upvoted 1 times
spectre786
1 year, 7 months ago
I think the policy is there to Block Access not to allow. So whoever is targeted by this policy, should be blocked. So the answer should be Y/N/N , right ?
upvoted 8 times
CheMetto
1 year, 6 months ago
it's block, you are right, but CA condition said "Exclude device that start with Device", so NYY
upvoted 1 times
...
PhoenixMan
1 year, 7 months ago
Yes I think the same, the policy block access and the answer should be Y/N/N
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago