Exam MS-203 topic 1 question 36 discussion

The mobile device mailbox policy created from EAC does not distinguish between iOS and Android. However, a mobile device access rule allows the selection of a device family (Android, BlackBerry, iPhone etc.) IMHO, the answer is B

As far as I know this option is only available in PowerShell New-MobileDeviceMailboxPolicy and not in the Exchange Admin. So the answer is not so accurate but the most closest!

B is correct

B. From the Exchange admin center, create a mobile device access rule. This option allows you to specify the conditions under which mobile devices can synchronize with your Exchange mailboxes, including the requirement to use a specific app such as Outlook for iOS.

B is correct

IT should be B. Device Access Policies (former Rules) can do block everything and then allow Outlook for iOS and Android only. https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#device-access-policy

It looks to me that if device access rule is applied all the device in the chosen device family cannot access Exchange regardless of the client. C looks more like it but could not get to the answer... https://learn.microsoft.com/en-us/powershell/module/exchange/new-deviceconfigurationpolicy?view=exchange-ps

B is correct: You can restrict iPhones from connecting. D: is about passwords A & C are about M365, but this is about Exchange Server 2019 New-DeviceConfigurationRule Use the New-DeviceConfigurationRule cmdlet to create mobile device configuration rules in Basic Mobility and Security in Microsoft 365. New-DeviceConditionalAccessPolicy Use the New-DeviceConditionalAccessPolicy cmdlet to create mobile device conditional access policies in Basic Mobility and Security in Microsoft 365. Source: https://learn.microsoft.com/en-us/powershell/module/exchange/new-deviceconditionalaccesspolicy?view=exchange-ps https://learn.microsoft.com/en-us/powershell/module/exchange/new-deviceconfigurationrule?view=exchange-ps

Topic 1, question 59 demonstrates how to do this. The least wrong answer appears to be C.

This requirement can be implemented using device-based conditional access policy in Microsoft Intune or Azure Active Directory. The policy can be configured to allow access to Exchange Online email only from the Outlook for iOS app, and block access from other email clients. This helps ensure that all email communication and data is protected by the security and compliance features of the approved app

A would be the best choice. The default policy only includes password parameters.

In question 7 the most voted answer was to create a conditional access policy. Why is this different? One question was about Android and the other about iOS but the premise is exactly the same...

from powershell we see that New-ActiveSyncDeviceAccessRule does not have parameters that restrict app usage while New-MobileDeviceMailboxRule does (although for every device regardless of OS but to fulfill the requirement it does not matter if we restrict some Android apps or we could just include a variety of android apps in the -approvedapplicationlist parameter). the answer is D

Agree on B.

This can only be done with powershell Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block Create an allow rule for Outlook for iOS and Android New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Allow So all answers are wrong this is all wrong choices

A is Correct Answer: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android

B makes more logical sense