Microsoft 365 Endpoint Administrator Associate MD-102 Practice Question
You manage Windows 11 devices enrolled in Microsoft Intune. The organization allows Windows Hello for Business sign-in only when the private key is hardware-bound to a TPM 2.0 chip and must block software-based credentials. Within an Intune Identity protection device configuration profile, which setting should you configure to enforce this requirement?
Set the Use a Trusted Platform Module (TPM) setting to Require
Set the Use security keys for sign-in setting to Enforce
Enable the Use enhanced anti-spoofing for facial recognition setting
Disable the Allow biometric authentication setting
Requiring the Trusted Platform Module setting forces Windows Hello for Business to create keys in the device's TPM. If a TPM 2.0 is not present, Windows Hello for Business will not be provisioned, effectively blocking software-based (software-only) credentials.
Requiring a TPM enforces hardware-bound keys, meeting the security mandate.
Enforcing security keys for sign-in applies to FIDO2 keys, not to Windows Hello for Business TPM keys.
Disabling biometric authentication only prevents fingerprint or facial recognition; users could still create a software-based PIN.
The anti-spoofing setting hardens facial recognition but does not ensure that credentials are stored in a TPM.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is TPM 2.0 and why is it important for Windows Hello for Business?
Open an interactive chat with Bash
How does the Intune Identity protection profile enforce TPM requirements?
Open an interactive chat with Bash
What does Windows Hello for Business provide beyond TPM-based credentials?
Open an interactive chat with Bash
Microsoft 365 Endpoint Administrator Associate MD-102
Prepare infrastructure for devices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .