HOTSPOT You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Microsoft_MS-102/page_242_img_1.jpg The device compliance policies in Endpoint Manager are configured as shown in the following table. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Microsoft_MS-102/page_242_img_2.jpg The device compliance policies have the assignments shown in the following table. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Microsoft_MS-102/page_242_img_3.jpg For each of the following statements, select Yes if the statement Is true. Otherwise, select No. NOTE: Each correct selection is worth one point. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Microsoft_MS-102/page_242_img_4.jpg

YES, YES, NO. Device1 and Device2 both fall under policies requiring BitLocker with a 10-day grace (since the shortest period applies). Device3 doesn’t have BitLocker enforced so it stays compliant. Seen similar questions on practice sets.

Question 3 - Actual MS-102 Real Exam Questions [Jan 2026 Update]- Microsoft 365 Administrator

Q: 3

HOTSPOT You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table. The device compliance policies in Endpoint Manager are configured as shown in the following table. The device compliance policies have the assignments shown in the following table. For each of the following statements, select Yes if the statement Is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Your Answer

Correct Answer:

YES

Explanation

Device1 is a member of Group2 and is assigned Policy2. Policy2 requires BitLocker and sets the noncompliance grace period to 10 days. Since BitLocker is disabled, Device1 is noncompliant and will be marked as such after 10 days.

Device2 is a member of Group2 (assigned Policy2: 10 days) and Group3 (assigned Policy3: 15 days). The device is noncompliant with Policy2 (BitLocker is required but disabled). When multiple policies apply and a device is noncompliant with one or more, the most restrictive settings apply. In this context, the shortest noncompliance grace period is 10 days (from Policy2).

Device3 is a member of Group3 and is assigned Policy3. Policy3 has "Require BitLocker" set to Not configured. Therefore, Device3 is compliant with Policy3's configuration regarding BitLocker being disabled. It will not be marked noncompliant based on the BitLocker requirement of Policy3.

References

Official vendor documentation (Microsoft Endpoint Manager/Intune Compliance Policies):

Reference: Microsoft Documentation on Device Compliance Policies, Section: "How compliance policy settings work" and "Conflict Resolution."

Content: States that if a device is assigned multiple policies, all policies are evaluated, and the device must comply with all of them. If multiple policies have conflicting settings, the device takes the most restrictive setting. For grace periods, the shortest time (most restrictive) is applied for marking the device as noncompliant if it fails a required setting. A "Not configured" setting does not enforce a requirement.

Official vendor documentation (Microsoft Intune Configuration Service Provider (CSP) Reference):

Reference: Microsoft Windows Client Management documentation, CSP for BitLocker (BitLocker CSP).

Content: Defines the 'Require BitLocker' setting in compliance policies. The 'Not configured' state means the setting is not evaluated as a requirement for compliance by that specific policy.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE