Microsoft Endpoint Administrator — Question 199

You have a Microsoft 365 E5 subscription.

You use Microsoft Intune to manage all Windows 11 devices.

You create an attack surface reduction (ASR) policy named Profile1 based on the Attack Surface Reduction Rules profile and assign Profile1 to all the devices.

A user reports that an Adobe Reader plug-in is now blocked.

You need to ensure that the plug-in is unblocked.

What should you do?

Answer options

• A. Create an Endpoint Privilege Management policy and assign the policy to all the devices.
• B. Add a scope tag to Profile1.
• C. Configure ASR Only Per Rule Exclusions in Profile1.
• D. Create a device compliance policy and assign the policy to all the devices.

Correct answer: C

Explanation

The correct answer is C because configuring ASR Only Per Rule Exclusions allows specific applications, like the Adobe Reader plug-in, to bypass the ASR rules. The other options do not directly address the need to exclude the plug-in from the ASR policy, making them ineffective for this situation.