1212 Ch11.2-13.2: Device Configuration Profiles in Intune

Questions and Answers

What is one benefit of using device configuration profiles in an organization?

• They require manual configuration for each device.
• They help ensure compliance and consistency with device settings. (correct)
• They necessitate frequent updates from users.
• They can only be used for Windows devices.

Which platforms can custom device profiles be applied to?

• Only iOS and Android
• Only Windows 10 and above
• Any operating system available
• Android, iOS, macOS, and Windows 10 and above (correct)

What occurs when assigning a device configuration profile to a device group?

• Settings are only applied when a specific user logs in.
• Settings are applied to all users regardless of their logins. (correct)
• Settings must be confirmed by the user before application.
• Settings will apply only to dedicated devices for exclusive users.

How can an administrator create exceptions when deploying device profiles?

By specifying that exclusions take precedence over inclusions. (C)

What is the purpose of Microsoft's kiosk mode?

To restrict a device's use to a single application in a controlled environment. (D)

What is a key feature of device configuration profiles in the context of security?

They improve device security by applying consistent settings. (C)

What is an advantage of using a web-based management interface for device profiles?

It allows for real-time updates and edits to profiles. (D)

What happens when the retire action is selected for a device in Intune?

Managed app data is removed. (A)

What is the primary purpose of kiosk mode?

To run a specified application above the lock screen (C)

How often do devices typically check for updates when managed by Intune?

Every 8 hours. (C)

Which devices can be managed through Microsoft Tunnel for Intune?

Windows, Android, iOS, and macOS devices (A)

What feature does Azure Monitor provide for identifying abnormal patterns?

Alerts to administrators. (C)

What can Azure Endpoint Analytics help administrators with?

Troubleshooting connected devices. (A)

What is the first step in managing a device's lifecycle with Intune?

Device enrollment (A)

Which operating systems can be managed with Microsoft Intune?

Windows, Android, macOS, and Linux. (C)

What happens when the wipe action is selected on a device in Intune?

Device is restored to factory settings (D)

What does Intune ensure when using the 'Wipe device' option?

The reset will be retried until successful. (B)

What capability allows users to enroll their devices in Intune themselves?

Company portal (C)

Which feature of Intune supports secure access to corporate resources for remote users?

Microsoft Tunnel (D)

What is the primary function of Intune as a mobile device management tool?

Managing device policies and configurations. (B)

What does the 'retain enrollment state and user account' checkbox do during the wipe process?

Preserves user data on the device (A)

What benefits does Azure Monitor offer to administrators?

Customization of dashboards and alerts. (C)

What kind of devices can be enrolled using Intune?

Personal and corporate-owned PCs and tablets (D)

What action is NOT taken when a device is retired from Intune Management?

The device is permanently deleted. (C)

What management tasks can Intune perform regarding device updates?

Deploy operating systems and software updates (D)

Flashcards

Device Configuration Profiles

Pre-set settings that manage devices in an organization, including features and settings that can be enabled or disabled.

Custom Device Configuration Profiles

Device profiles created in the Microsoft Endpoint Management admin center if built-in settings don't fit the organization's needs.

Device Group Assignment (Profiles)

Applying a device profile to a group of devices, affecting all users who use those devices.

User Group Assignment (Profiles)

Applying a device profile to a group of users, affecting their devices regardless of device types.

Profile Exclusions

Preventing certain user or device groups from getting a specific profile, overriding inclusion.

Kiosk Mode

A restricted device configuration that allows use for only one application.

Intune Management

A web-based platform utilized for managing device configuration profiles.

Microsoft Tunnel for Intune

A service that enables secure access to corporate resources from outside the corporate network.

Device Lifecycle Management

Managing a device from enrollment and configuration to its eventual retirement, including updates and security.

Device Enrollment

The process of adding a device to Intune's management system, allowing for configuration and control.

Corporate-owned devices

Devices owned by a company and used by employees, managed by the company's Intune system.

Intune

A Microsoft service for managing and securing devices, and other applications.

Device Retirement

The process of removing a device from service, often including wiping all data for security.

User Data Retention

Option to keep user data during device wipe or retirement.

Personal Devices

Devices owned by employees that are enrolled in corporate systems, for specific use cases.

Device Wipe (Intune)

A complete reset of a device, removing all settings, applications, and user data. This can be crucial for security or troubleshooting.

Wipe Device Option

A setting that ensures a device reset will complete, even if power is lost during the process.

Intune MDM

A cloud-based mobile device management tool used for managing Windows, Android, iOS, and more.

Intune Device Enrollment

The process of adding a device to Microsoft Intune, granting it to the management service and enabling monitoring.

Azure Monitor

A cloud monitoring service that tracks devices for performance, compliance, and security, using machine learning.

Endpoint Analytics

A service that gives details about connected devices, useful to troubleshoot and enhance performance, for Windows devices (10 and greater).

Policy Updates (Intune)

The process of changing and deploying updated policies to devices in real-time, ensuring all devices follow the latest company guidelines.

Update Monitoring (Intune)

The ability to oversee update installation progress, viewing pending updates for devices under Intune control.

Intune Policy Version Updates

Intune automatically updates a policy version, and notifies devices. Devices check for these updates regularly (every 8 hours by default).

Study Notes

Device Configuration Profiles

• Intune allows creating profiles to enable or disable device settings.
• Profiles use a web-based interface for management.
• Settings can be changed and edited at any time.
• Profiles work on various platforms like Android, iOS, and Windows.
• Profiles are linked to Azure AD groups.
• Configuration baselines are used, reducing potential mistakes.
• Profiles ensure device compliance and consistency.
• Profiles improve device security.
• Profiles can be configured remotely.

Custom Device Configuration Profiles

• Built-in profiles may not meet all needs.
• Custom profiles are created within the Microsoft Endpoint Manager admin center.
• Custom profiles are applicable to Android, iOS, macOS, and Windows 10 and above.

Configuring Device Configuration Profiles

• Profiles are assigned to devices or user groups.
• Assigning to a device group applies settings to all devices in the group regardless of user.
• Assigning to a user group applies settings to the user on any device they use.
• Exclusions can be configured to prioritize certain groups over others. Exclusion takes precedence over inclusion.

Kiosk Mode

• Kiosk mode restricts a device to a single application.
• Useful for public use or specific purposes.
• Examples include self-service, kiosks at museums, and checkout stations.
• Uses Assigned Access for controlling the device.

Microsoft Tunnel for Intune

• Microsoft Tunnel allows secure access to corporate resources.
• Users can access resources from outside the network.
• Useful for remote work or managing on-premises resources.
• Device and on-premises resources are securely connected.
• Microsoft Tunnel is available for iOS and Android.
• Connections can be managed through the Intune console.

Device Lifecycle

• Intune manages the entire device lifecycle.
• It handles software updates and security monitoring starting from enrollment to retirement.
• It allows remote deployments of operating systems, software, and updates.
• It is useful for managing hardware and software inventories.
• Can manage devices from enrollment through retirement.

Monitor Devices with Intune

• Intune is a cloud-based device management tool.
• Manages Azure, hybrid, and on-premises devices.
• Manages Windows, Android, Windows, and Linux operating systems.
• Enrollment can be user-driven or managed via a device enrollment manager.

Monitor Devices with Azure Monitor

• Azure Monitor monitors device, application, and service health.
• Machine learning is used to identify and address unusual patterns.
• Administrators are alerted and can customize dashboards, alerts, and notifications for organizational needs.
• Works in conjunction with Azure services and third-party tools for analysis.

Monitor Devices with Endpoint Analysis

• Azure Endpoint Analysis identifies the performance, security, and health of devices.
• Troubleshooting can be improved and technical issues can be mitigated.
• Device performance and productivity improvements can be made.

Updating Policies with Intune

• Policies and procedures can be updated in real-time using Intune.
• Updates are automatically deployed to devices.
• Devices check for updates every 8 hours.
• Customizable.
• Can manage policies for Windows, iOS/iPadOS, and Mac devices.

Update Rings

• Used to deploy Windows 10 updates progressively, minimizing impact on network and users.
• Stages: pilot, broad deployment, and maintenance.
• Tests and addresses issues before widespread deployment.

Application Deployment and Management

• Intune is a cloud-based platform for managing applications.
• Supports many different platforms: Windows, iOS, Android, and macOS.
• Used for deploying apps, controlling access, and app security.

App Security, App Retirement, and App Usage

• Intune can be used to monitor and manage app security features and retirement schedules..
• Intune manages app usage across multiple devices.
• End users can deploy applications using self-service methods, like company portals.
• Intune can deploy apps in conditional access methods (user vs. device)

Conditional Access Policies

• Allow for granular control over app access.
• Admins create policies, define applicable apps, and specify conditions for access.
• Conditions might include location, device type, or security compliance requirements.
• Access is blocked if conditions are not met.

Description

Explore the functionalities of device configuration profiles using Intune. Learn how to create, manage, and assign profiles across multiple platforms such as Android, iOS, and Windows. Understand the importance of custom profiles and their role in ensuring device compliance and security.