Enable Microsoft Defender Application Guard for Windows 10 Devices | Exam MS-500: Microsoft 365 Security Administration | Provider: Microsoft

Enable Microsoft Defender Application Guard

Question

You have configured Defender for Endpoint for your Windows 10 devices managed by Microsoft Endpoint Manager.

You wish to enable Microsoft Defender Application Guard.

Which Device configuration profile should you choose?

Answers

Explanations


A. B. C. D.

Correct Answer: D

You can enable Microsoft Defender Application Guard by using the Endpoint Manager Endpoint Protection configuration profile.

These policies help protect your users by opening untrusted websites in a secure, isolated container that isn't accessible by other parts of the operating system.

Option A is incorrect.

The Identity Protection profile lets you manage Windows Hello for Business settings on Windows devices.

Option B is incorrect.

The SCEP certificate profile lets you deploy a Simple Certificate Enrollment Protocol (SCEP) certificate to enable certificate-based authentication.

Option C is incorrect.

Secure assessment is an education profile whose features include the Take a Test app and settings to add a test URL and choose how end users sign in to the test.


To enable Microsoft Defender Application Guard for Windows 10 devices managed by Microsoft Endpoint Manager, you should choose the "Endpoint Protection" device configuration profile.

Microsoft Defender Application Guard is a security feature that helps protect against malware and other attacks by isolating Microsoft Edge browsing sessions from the device and network. It creates a virtualized environment in which Edge runs in a sandboxed container, preventing any malware or other malicious code from reaching the underlying device or network.

To configure this feature, you can use the Endpoint Protection profile in Microsoft Endpoint Manager, which provides centralized management for Windows Defender Antivirus and other security features on Windows 10 devices.

To enable Application Guard using the Endpoint Protection profile, you need to follow these steps:

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Navigate to Devices > Configuration profiles and select "Create profile".
  3. Choose the "Endpoint Protection" profile type and configure the profile settings as desired.
  4. Under the "Windows Defender Application Guard" section, configure the settings to enable the feature and specify any custom settings you require.
  5. Assign the profile to the appropriate group of devices, then save and deploy the profile.

Note that to use Application Guard, you need to have Windows 10 Pro, Enterprise, or Education edition and have virtualization enabled in the device's BIOS. Additionally, the device must have the hardware and firmware support for virtualization-based security (VBS) and the security feature control (SEC) processor feature.
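After the profile has been assigned, a local check on a target device confirms that the prerequisites from the note above are met and that the feature was switched on. The script below is an added example, not part of the original page or of Microsoft's documentation; it assumes an elevated Windows PowerShell session, and the function name `Test-AppGuardReadiness` is hypothetical.

```powershell
# Added example: verify Application Guard prerequisites and state on one device.
# Run from an elevated PowerShell session (Get-WindowsOptionalFeature needs it).

function Test-AppGuardReadiness {
    [CmdletBinding()]
    param()

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # Windows optional feature that backs Application Guard.
    # On editions that do not ship it, the lookup fails and $feature is $null.
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Windows-Defender-ApplicationGuard' `
        -ErrorAction SilentlyContinue

    # Edition list as stated in the note above.
    $editionOk = $os.Caption -match 'Pro|Enterprise|Education'

    # Once a hypervisor is running, Win32_Processor can report the firmware
    # virtualization flag as False, so a present hypervisor counts as proof.
    $virtOk = $cs.HypervisorPresent -or $cpu.VirtualizationFirmwareEnabled

    $featureState = if ($feature) { [string]$feature.State } else { 'NotAvailable' }

    [pscustomobject]@{
        Edition             = $os.Caption
        EditionSupported    = [bool]$editionOk
        VirtualizationReady = [bool]$virtOk
        SlatSupported       = [bool]$cpu.SecondLevelAddressTranslationExtensions
        FeatureState        = $featureState
        FeatureEnabled      = $featureState -eq 'Enabled'
        RebootPending       = $featureState -like '*Pending'
    }
}

Test-AppGuardReadiness | Format-List
```

A device that reports `FeatureState : Disabled` after the profile shows as succeeded in the admin center usually fails one of the other rows, which is where to look first.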