You have a Microsoft 365 E5 subscription. You purchase the following types of devices: • Windows • Android • iOS You plan to enroll the devices in Microsoft Intune. You need to configure enrollment restrictions. For which device types can you configure device manufacturer restrictions?
Official docs and compliance policy guides usually get you through these drag-and-drops. For this one, it's: Device 1 - Require Secure Boot, Device2 - Prevent jailbroken devices, Device3 - Prevent rooted devices. Pretty sure that's what exam practice sets mention too.
Practice tests cover this exact setup a lot. Device 1 needs Secure Boot, Device2 is all about blocking jailbroken iOS, and Device3 should block rooted Android. Trusted build focus makes BitLocker the wrong pick for Windows here (seen this on official guides too). Agree?
