AZ-140 Question #120: Real Exam Question with Answer & Explanation

Question

Your network contains an on-premises Active Directory domain named contoso.com that syncs to an Azure Active Directory (Azure AD) tenant. You have an Azure Virtual Desktop host pool named Pool1 that has the following settings: Host pool name: Pool1 Host pool type: Personal Load balancing algorithm: Breadth-first Number of VMs: 3 The session hosts have the following configurations: Image used to create the virtual machines: Windows 10 Enterprise Virtual machines domain-joined to: On-premises contoso.com domain You need to ensure that you can use Microsoft EndPoint Manager to manage security update on the session hosts. What should you do?

Options

• ACreate Windows 10 Enterprise multi-session images
• BConfigure the session hosts as hybrid Azure AD-joined
• CChange Host pool type to Pooled
• DChange Load balancing algorithm to Depth-first

Explanation

Microsoft Endpoint Manager (Intune) can manage devices that are either Azure AD-joined or hybrid Azure AD-joined. The session hosts in this scenario are only joined to the on-premises contoso.com domain - they are not visible to Azure AD or Intune. By configuring them as hybrid Azure AD-joined, the devices register with Azure AD while retaining their on-premises domain membership. This allows Intune to enroll and manage them for security update policies. Switching to multi-session Windows images (A) or changing pool type/load balancing (C, D) would not enable Intune management on their own; hybrid Azure AD join is the identity prerequisite.

No community discussion yet for this question.