Microsoft Endpoint Administrator — Question 154

You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices that run Windows 11.

You need to remove User1 from the local Administrators group on all enrolled devices.

What should you configure?

Answer options

• A. a device compliance policy
• B. an account protection policy
• C. an app configuration policy

Correct answer: B

Explanation

The correct answer is B, as an account protection policy allows you to manage user roles and permissions, which includes removing users from local Administrators groups. Option A, a device compliance policy, is used to ensure devices meet certain compliance requirements, and option C, an app configuration policy, focuses on configuring applications rather than user permissions.