Configuring and Operating Windows Virtual Desktop on Microsoft Azure v1.0 (AZ-140)

Page:    1 / 10   
Total 148 questions

HOTSPOT -
Your company has the offices shown in the following table.


The company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
Users connect to a Azure Virtual Desktop deployment named WVD1. WVD1 contains session hosts that have public IP addresses from the 52.166.253.0/24 subnet.
Contoso.com has a conditional access policy that has the following settings:
✑ Name: Policy1
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
✑ Access controls:
- Grant: Grant access, Require multi-factor authentication
✑ Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Users GPO settings.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Computers GPO settings.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

You have an Azure Virtual Desktop deployment.
You have a RemoteApp named App1.
You discover that from the Save As dialog box of App1, users can run executable applications other than App1 on the session hosts.
You need to ensure that the users can run only published applications on the session hosts.
What should you do?

  • A. Configure a conditional access policy in Azure Active Directory (Azure AD).
  • B. Modify the Access control (IAM) settings of the host pool.
  • C. Modify the RDP Properties of the host pool.
  • D. Configure an AppLocker policy on the session hosts.


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide

HOTSPOT -
You have an Azure Virtual Desktop Deployment that contains a workspace named Workspace1 and a user named User1. Workspace1 contains a Desktop application group named Pool1Desktop.
At 09:00, you create a conditional access policy that has the following settings:
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
- Conditions: 0 conditions selected
✑ Access controls
- Grant: Grant access, Require multi-factor authentication
- Sessions: Sign-in frequency 1 hour
User1 performs the actions shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa

You deploy an Azure Virtual Desktop session host pool that includes ten virtual machines.
You need to provide a group of pilot users access to the virtual machines in the pool.
What should you do?

  • A. Create a role definition.
  • B. Add the users to a Remote Desktop Users group on the virtual machines.
  • C. Add the users to the local Administrators group on the virtual machines.
  • D. Create a role assignment.


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/delegated-access-virtual-desktop

You have an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.
You create an Azure Virtual Desktop host pool named Pool1. You assign the Virtual Machine Contributor role for the Azure subscription to a user named Admin1.
You need to ensure that Admin1 can add session hosts to Pool1. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Assign Admin1 the Desktop Virtualization Host Pool Contributor role for Pool1
  • B. Assign Admin1 the Desktop Virtualization Session Host Operator role for Pool1
  • C. Add Admin1 to the AAD DC Administrators group
  • D. Assign a Microsoft 365 Enterprise E3 license to Admin1
  • E. Generate a registration token


Answer : BE

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Advanced settings in the RDP Properties of Pool1.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

You have a hybrid Azure Active Directory (Azure AD) tenant.
You plan to deploy an Azure Virtual Desktop personal host pool. The host pool will contain 15 virtual machines that run Windows 10 Enterprise. The virtual machines will be joined to the on-premises Active Directory domain and used by the members of a domain group named Department1.
You need to ensure that each user is added automatically to the local Administrators group on the virtual machine to which the user signs in.
What should you configure?

  • A. a role assignment for the host pool
  • B. a role assignment for each virtual machine
  • C. a policy preference in a Group Policy Object (GPO)
  • D. a device setting in Azure AD


Answer : A

Explanation:
Configure direct assignment.
Unlike automatic assignment, when you use direct assignment, you must assign the user to both the personal desktop host pool and a specific session host before they can connect to their personal desktop. If the user is only assigned to a host pool without a session host assignment, they won't be able to access resources and will see an error message that says, "No resources available."
To directly assign a user to a session host in the Azure portal:
1. Sign in to the Azure portal.
2. Enter Azure Virtual Desktop into the search bar.
3. Under Services, select Azure Virtual Desktop.
4. At the Azure Virtual Desktop page, go the menu on the left side of the window and select Host pools.
5. Select the host pool you want to assign users to.
6. Next, go to the menu on the left side of the window and select Application groups.
7. Select the name of the app group you want to assign users to, then select Assignments in the menu on the left side of the window.
8. Select + Add, then select the users or user groups you want to assign to this app group.
9. Select Assign VM in the Information bar to assign a session host to a user.
10.Select the session host you want to assign to the user, then select Assign. You can also select Assignment > Assign user.
11.Select the user you want to assign the session host to from the list of available users.
12.When you're done, select Select.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type

HOTSPOT -
You have two Azure subscriptions that are linked to an Azure Active Directory (Azure AD) tenant named contoso.com and contain an Azure Virtual Desktop deployment. The tenant contains a user named User1.
When User1 signs in to Azure Security Center, the user receives the message shown in the following exhibit.


You need to ensure that User1 can manage security information for the tenant. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Box 1: Security administrator for contoso.com
Incorrect:
* Not at the subscription level, as there are two subscriptions.
* Not Root management group level
Each directory is given a single top-level management group called the root management group. The root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level.
Box 2: Privileged Role Administrator
You need to ensure that User1 can manage security information for the tenant.
Privileged Role Administrator - Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.
Incorrect:
* External Identity Provider Administrator
This administrator manages federation between Azure AD organizations and external identity providers. With this role, users can add new identity providers and configure all available settings (e.g. authentication path, service ID, assigned key containers). This user can enable the Azure AD organization to trust authentications from external identity providers.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.


The on-premises Active Directory domain contains the users shown in the following table.

The Azure AD tenant contains the cloud-only users shown in the following table.

Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.

Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.


Requirements. Planned Changes -
Contoso plans to implement the following changes:
Implement FSLogix profile containers for the Paris offices.
Deploy an Azure Virtual Desktop host pool named Pool4.
Migrate the RDS deployment in the Seattle office to Azure Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
Host pool type: Pooled
Max session limit: 7
Load balancing algorithm: Depth-first
Images: Windows 10 Enterprise multi-session
Virtual machine size: Standard D2s v3
Name prefix: Pool4
Number of VMs: 5
Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
For the Azure Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
For the Azure Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal office.
From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
Ensure that the Pool1 virtual machines only run during business hours.
Use the principle of least privilege.

Which role should you assign to Operator2 to meet the technical requirements?

  • A. Desktop Virtualization Session Host Operator
  • B. Desktop Virtualization Host Pool Contributor
  • C. Desktop Virtualization User Session Operator
  • D. Desktop Virtualization Contributor


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.


The on-premises Active Directory domain contains the users shown in the following table.

The Azure AD tenant contains the cloud-only users shown in the following table.

Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.

Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.


Requirements. Planned Changes -
Contoso plans to implement the following changes:
Implement FSLogix profile containers for the Paris offices.
Deploy an Azure Virtual Desktop host pool named Pool4.
Migrate the RDS deployment in the Seattle office to Azure Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
Host pool type: Pooled
Max session limit: 7
Load balancing algorithm: Depth-first
Images: Windows 10 Enterprise multi-session
Virtual machine size: Standard D2s v3
Name prefix: Pool4
Number of VMs: 5
Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
For the Azure Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
For the Azure Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal office.
From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
Ensure that the Pool1 virtual machines only run during business hours.
Use the principle of least privilege.


HOTSPOT -
Which users can create Pool4, and which users can join session hosts to the domain? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.


All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes -
Litware plans to implement the following changes:
Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts.
Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Azure Virtual Desktop apps.
Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365.
Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session hosts to an Azure Virtual Desktop host pool.
Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine images.

User Profile Requirements -
Litware identifies the following user profile requirements:
In storage1, store user profiles for the Boston office users.
Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions.
Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts.

You need to recommend an authentication solution that meets the performance requirements.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Join all the session hosts to Azure AD.
  • B. In each Azure region that will contain the Azure Virtual Desktop session hosts, create an Azure Active Directory Domain Service (Azure AD DS) managed domain.
  • C. Deploy domain controllers for the on-premises Active Directory domain on Azure virtual machines to the new sites..
  • D. Deploy read-only domain controllers (RODCs) on Azure virtual machines to the new sites.
  • E. In each Azure region that will contain the Azure Virtual Desktop session hosts, create an Active Directory site.


Answer : CE

Reference:
https://www.compete366.com/blog-posts/how-to-implement-azure-windows-virtual-desktop-wvd/ https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.


All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes -
Litware plans to implement the following changes:
Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts.
Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Azure Virtual Desktop apps.
Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365.
Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session hosts to an Azure Virtual Desktop host pool.
Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine images.

User Profile Requirements -
Litware identifies the following user profile requirements:
In storage1, store user profiles for the Boston office users.
Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions.
Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts.


DRAG DROP -
You need to ensure that you can implement user profile shares for the Boston office users. The solution must meet the user profile requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Reference:
https://www.christiaanbrinkhoff.com/2020/03/01/learn-here-how-to-configure-azure-files-with-active-directory-ad-authentication-for-fslogix-profile-container-and- msix-app-attach/

Page:    1 / 10   
Total 148 questions