What are the effective settings on the devices?

HOTSPOT

You have the MDM Security Baseline profile shown in the MDM exhibit. (Click the MDM tab.)

You have the ASR Endpoint Security profile shown in the ASR exhibit. (Click the ASR tab.)

You plan to deploy both profiles to devices enrolled in Microsoft Intune.

You need to identify how the following settings will be configured on the devices:

✑ Block Office applications from creating executable content

✑ Block Win32 API calls from Office macro

Currently, the settings are disabled locally on each device.

What are the effective settings on the devices? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Box 1: Audit mode

According to the ASR Endpoint Security profile and to the MDM Security Baseline profile, Block Office applications from creating executable content is set to Audit mode.

Box 2: Disable

Block Win32 API calls from Office macro: According to MDM Security Baseline profile it is set to disable. According to the ASR Endpoint Security profile it is set to Audit mode.

The profiles are merged. The Baseline profile overrides the Endpoint Security profile.

Note:

When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.

Attack surface reduction rule merge behavior is as follows:

Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline > Attack Surface Reduction Rules.

MDM Security Baseline profile ASR Endpoint Security profile.