1212 Ch11.2-13.2: Device Configuration Profiles in Intune

Questions and Answers

What is one benefit of using device configuration profiles in an organization?

They require manual configuration for each device.

They help ensure compliance and consistency with device settings. (correct)

They necessitate frequent updates from users.

They can only be used for Windows devices.

Which platforms can custom device profiles be applied to?

Only iOS and Android

Only Windows 10 and above

Any operating system available

Android, iOS, macOS, and Windows 10 and above (correct)

What occurs when assigning a device configuration profile to a device group?

Settings are only applied when a specific user logs in.

Settings are applied to all users regardless of their logins. (correct)

Settings must be confirmed by the user before application.

Settings will apply only to dedicated devices for exclusive users.

How can an administrator create exceptions when deploying device profiles?

By specifying that exclusions take precedence over inclusions.

What is the purpose of Microsoft's kiosk mode?

To restrict a device's use to a single application in a controlled environment.

What is a key feature of device configuration profiles in the context of security?

They improve device security by applying consistent settings.

What is an advantage of using a web-based management interface for device profiles?

It allows for real-time updates and edits to profiles.

What happens when the retire action is selected for a device in Intune?

Managed app data is removed.

What is the primary purpose of kiosk mode?

To run a specified application above the lock screen

How often do devices typically check for updates when managed by Intune?

Every 8 hours.

Which devices can be managed through Microsoft Tunnel for Intune?

Windows, Android, iOS, and macOS devices

What feature does Azure Monitor provide for identifying abnormal patterns?

Alerts to administrators.

What can Azure Endpoint Analytics help administrators with?

Troubleshooting connected devices.

What is the first step in managing a device's lifecycle with Intune?

Device enrollment

Which operating systems can be managed with Microsoft Intune?

Windows, Android, macOS, and Linux.

What happens when the wipe action is selected on a device in Intune?

Device is restored to factory settings

What does Intune ensure when using the 'Wipe device' option?

The reset will be retried until successful.

What capability allows users to enroll their devices in Intune themselves?

Company portal

Which feature of Intune supports secure access to corporate resources for remote users?

Microsoft Tunnel

What is the primary function of Intune as a mobile device management tool?

Managing device policies and configurations.

What does the 'retain enrollment state and user account' checkbox do during the wipe process?

Preserves user data on the device

What benefits does Azure Monitor offer to administrators?

Customization of dashboards and alerts.

What kind of devices can be enrolled using Intune?

Personal and corporate-owned PCs and tablets

What action is NOT taken when a device is retired from Intune Management?

The device is permanently deleted.

What management tasks can Intune perform regarding device updates?

Deploy operating systems and software updates

Study Notes

Device Configuration Profiles

• Intune allows creating profiles to enable or disable device settings.
• Profiles use a web-based interface for management.
• Settings can be changed and edited at any time.
• Profiles work on various platforms like Android, iOS, and Windows.
• Profiles are linked to Azure AD groups.
• Configuration baselines are used, reducing potential mistakes.
• Profiles ensure device compliance and consistency.
• Profiles improve device security.
• Profiles can be configured remotely.

Custom Device Configuration Profiles

• Built-in profiles may not meet all needs.
• Custom profiles are created within the Microsoft Endpoint Manager admin center.
• Custom profiles are applicable to Android, iOS, macOS, and Windows 10 and above.

Configuring Device Configuration Profiles

• Profiles are assigned to devices or user groups.
• Assigning to a device group applies settings to all devices in the group regardless of user.
• Assigning to a user group applies settings to the user on any device they use.
• Exclusions can be configured to prioritize certain groups over others. Exclusion takes precedence over inclusion.

Kiosk Mode

• Kiosk mode restricts a device to a single application.
• Useful for public use or specific purposes.
• Examples include self-service, kiosks at museums, and checkout stations.
• Uses Assigned Access for controlling the device.

Microsoft Tunnel for Intune

• Microsoft Tunnel allows secure access to corporate resources.
• Users can access resources from outside the network.
• Useful for remote work or managing on-premises resources.
• Device and on-premises resources are securely connected.
• Microsoft Tunnel is available for iOS and Android.
• Connections can be managed through the Intune console.

Device Lifecycle

• Intune manages the entire device lifecycle.
• It handles software updates and security monitoring starting from enrollment to retirement.
• It allows remote deployments of operating systems, software, and updates.
• It is useful for managing hardware and software inventories.
• Can manage devices from enrollment through retirement.

Monitor Devices with Intune

• Intune is a cloud-based device management tool.
• Manages Azure, hybrid, and on-premises devices.
• Manages Windows, Android, Windows, and Linux operating systems.
• Enrollment can be user-driven or managed via a device enrollment manager.

Monitor Devices with Azure Monitor

• Azure Monitor monitors device, application, and service health.
• Machine learning is used to identify and address unusual patterns.
• Administrators are alerted and can customize dashboards, alerts, and notifications for organizational needs.
• Works in conjunction with Azure services and third-party tools for analysis.

Monitor Devices with Endpoint Analysis

• Azure Endpoint Analysis identifies the performance, security, and health of devices.
• Troubleshooting can be improved and technical issues can be mitigated.
• Device performance and productivity improvements can be made.

Updating Policies with Intune

• Policies and procedures can be updated in real-time using Intune.
• Updates are automatically deployed to devices.
• Devices check for updates every 8 hours.
• Customizable.
• Can manage policies for Windows, iOS/iPadOS, and Mac devices.

Update Rings

• Used to deploy Windows 10 updates progressively, minimizing impact on network and users.
• Stages: pilot, broad deployment, and maintenance.
• Tests and addresses issues before widespread deployment.

Application Deployment and Management

• Intune is a cloud-based platform for managing applications.
• Supports many different platforms: Windows, iOS, Android, and macOS.
• Used for deploying apps, controlling access, and app security.

App Security, App Retirement, and App Usage

• Intune can be used to monitor and manage app security features and retirement schedules..
• Intune manages app usage across multiple devices.
• End users can deploy applications using self-service methods, like company portals.
• Intune can deploy apps in conditional access methods (user vs. device)

Conditional Access Policies

• Allow for granular control over app access.
• Admins create policies, define applicable apps, and specify conditions for access.
• Conditions might include location, device type, or security compliance requirements.
• Access is blocked if conditions are not met.

Description

Explore the functionalities of device configuration profiles using Intune. Learn how to create, manage, and assign profiles across multiple platforms such as Android, iOS, and Windows. Understand the importance of custom profiles and their role in ensuring device compliance and security.