Exam MS-101 topic 3 question 113 discussion

I would go for N,N,N. Device1: has a risk status of High and is required to be under Low risk score due to Policy3 so not compliant Device2: has a risk status of Medium and is required to be under Low risk score due to Policy3 so not compliant Device3: has a risk status of Low and is required to be under Medium risk score due to Policy2 but is not compliant because Policy1 requires Bitlocker which is not configured.

Without concerning the scores high, medium and low (not sure if that has any influence): - Device 1: Y - Device has bitlocker configured - Device 2: N - Policy 3 requires bitlocker - Device 3: N - Policy 1 requires bitlocker

I go with N-N-N

I think it's N,N,N. Device compliance policies don't have a priority to determine which policy is applied, like you would see with group policy in A.D. Device compliance policies, when a device has more than one policy applied, has to be compliant on all policies in order for it to pass all the measured tests. When a policy is applied that the device isn't compliant with, then all the policies applied are moved to that level and the device is marked as non-compliant. Here is the policy ranking. The higher the severity, the less likely it is that the device is compliant. Status Severity ======================= Unknown 1 NotApplicable 2 Compliant 3 InGracePeriod 4 NonCompliant 5 Error 6 Reference: https://docs.microsoft.com/en-us/mem/intune/protect/create-compliance-policy

The answer is correct, YYN. The wording of the machine risk score states "be at" or "under." I interpret this phrase as the Machine Risk Score as equal or lower than. Y - Policy1 takes precedence. Device 1 meets Bitlocker and Machine Risk Score requirements. Y - Policy2 takes precedence. Device 2 meets Bitlocker and Machine Risk score requirements. N - Policy1 takes precedence. Device3 fails on Bitlocker requirement.

Doesn't Device 2 fail policy 3? Hence, be marked as non-compliant. Therefore, NO should be the answer.