Configure profiles for user and devices - Execute device profiles Flashcards
What does Microsoft Intune manage on different devices?
Settings and features using profiles
Profiles are used to enable or disable features on devices within an organization.
What is an example of a profile that provides access to corporate Wi-Fi?
Wi-Fi profile
This profile allows different devices to connect to the corporate Wi-Fi.
What type of profile gives devices access to a VPN server?
VPN profile
This profile is used to enable secure connections to the corporate network.
What are Administrative Templates in Microsoft Intune?
Hundreds of settings controlling features in various applications
These include Microsoft Edge, Internet Explorer, Microsoft Office, and more.
What do Certificates in Intune configure?
- Trusted,
- SCEP: Simple Certificate Enrollment Protocol
- PKCS: Public Key Cryptography Standards
These certificates are used for authenticating Wi-Fi, VPN, and email profiles.
What features do Device features profiles control on iOS and macOS (examples)?
- AirPrint,
notifications, - shared device configurations
These settings are specific to iOS and macOS devices.
What do Device restrictions control?
Security, hardware, data sharing, and more settings
For example, they can prevent iOS device users from using the device camera.
What does the Edition upgrade and mode switch profile do?
Automatically upgrades Windows devices
This applies to devices running specific versions of Windows.
What does the email settings profile do?
Creates, assigns, and monitors Exchange ActiveSync email settings
It helps ensure consistency and reduces support calls for email access.
What settings does Endpoint protection configure for Windows devices?
BitLocker and Microsoft Defender settings
These are essential for securing Windows devices.
What does Identity protection control in Windows?
Windows Hello for Business experience
It specifies requirements for device PINs and gestures.
What does the Kiosk settings profile configure?
Runs one app or multiple apps
It allows customization of features like the start menu and web browser.
What do VPN settings assign in an organization?
VPN profiles to users and devices
This enables secure remote access to the company network.
What do Wi-Fi settings assign to users and devices?
Wireless network settings
Users gain access to corporate Wi-Fi without needing to configure it themselves.
What are Custom profiles in Intune?
Ability to assign non-built-in device settings
These settings will be explained in detail in a later unit.
Where should you go to create a Windows device profile ?
In the Microsoft Intune admin center,
1. select Devices,
2. then select Windows platform,
3. then select Configuration Profiles
4 Then select Create Profile
After selecting “create profile”, what can of properties are mandatory to reate the windows device profile?
Platform: Choose which versions of Windows to include.
Profile type: Select the type you want to create.
Once you create the profile, you’ll be prompted to configure the settings of the profile?
What are the 5 steps you must fill to complete the profile ?
- Basics. Define a name for the profile and a description
- Configuration Settings. The profile type you defined in step 3 will determine what options are here. For example, if you choose the Device Restrictions profile, you’ll see several options such as which control panel options are available, Microsoft Edge configurations, or App Store restrictions. Choosing the WiFi profile will allow you to configure settings such as SSID and EAP settings.
-
Assignments The profile can be assigned to the following:
Selected Groups
All Users & All Devices
All Devices
All Users
Intune device configuration profiles let you exclude groups from policy assignment. - Applicability Rules. These rules allow further restriction of the profile assignment or exclusion specific OS versions or editions.
- Review + create. As the end of the process, a summary of the profile settings will be displayed, with the option to create the profile.
What do Intune device configuration profiles allow regarding policy assignment?
They let you exclude groups from policy assignment.
Can you assign a device profile to the All sales users group while excluding members of the Sales Managers group?
Yes, you can assign a device profile to the All sales users group and exclude members of the Sales Managers group.
When excluding groups from an assignment, what types of groups can you exclude?
You can exclude only users or only exclude device groups, but not a mixture of both.
Does Intune consider user-to-device relationships when excluding groups?
No, Intune doesn’t consider any user-to-device relationship when excluding groups.
What happens when you include user groups while excluding device groups?
It might not create the results you expect.
In a scenario where mixed groups are used, which takes precedence: inclusion or exclusion?
Inclusion takes precedence over exclusion.
What is an example of a policy assignment scenario involving kiosk devices?
Assigning a device profile to all devices except kiosk devices.
If you include the All Users group and exclude the All Devices group, what happens?
All users and their devices get the policy.
Why do devices without a user not receive the policy?
Because those devices have no relationship to the All Users group.
What occurs if you include All Devices and exclude All Users?
All the devices receive the policy.
What is the intent when excluding devices that have an associated user from a policy?
The intent is to exclude those devices from the policy.
How does exclusion work in terms of group members?
Exclusion only looks at the direct members of the groups.
What is the purpose of creating a custom device profile in Intune?
To configure the profile with custom device settings that may not be available by default.
Which profile is used to deploy OMA-URI values for Windows 10 and later devices?
Microsoft Intune custom profile for Windows 10 and later.
What can be found in the Windows device restriction profile?
Many built-in settings that are available in Intune without the need for custom values.
What is the first step to create a custom profile in the Microsoft Intune admin center?
Select Devices > Configuration profiles > Create profile > Windows 10 and later as the platform.
For a Windows device, what should you do in the Configuration tab when adding OMA-URI settings?
Select Add to create a new setting.
For a Windows device, what file format can you use to export configured OMA-URI values?
.csv (comma-separated values) file.
For a Windows device, what information is required for each OMA-URI setting?
Name, Description, OMA-URI, Data type, Value.
What are the possible data types you can choose from when adding an OMA-URI setting for a Windows device?
- String
- String (XML)
- Date and time
- Integer
- Floating point
- Boolean
- Base64
What must you do after entering the OMA-URI setting details?
Select OK and then select Create in the Create profile pane.
True or False: Not all settings are compatible with all Windows versions.
True.
Where can you find out which Windows versions are supported for each Configuration Service Provider (CSP)?
In the configuration service provider reference.
What must a setting support to work with Intune?
The Add or Replace operations.
What are Android Enterprise custom profiles used for?
To control features on Android Enterprise devices using OMA-URI settings
OMA-URI stands for Open Mobile Alliance Uniform Resource Identifier.
How do the steps for creating a custom Android profile compare to creating a Windows custom profile?
The steps are identical, except that the profile is created under the Android platform.
What is the OMA-URI for creating a Wi-Fi profile with a pre-shared key?
./Vendor/MSFT/WiFi/Profile/SSID/Settings
What is the OMA-URI for creating a per-app VPN profile?
./Vendor/MSFT/VPN/Profile/Name/PackageList
What OMA-URI setting is used to restrict copy and paste actions between work and personal apps on Android Enterprise devices?
./Vendor/MSFT/WorkProfile/DisallowCrossProfileCopyPaste
Can Android devices expose a complete list of OMA-URI settings that can be configured?
No, Android devices do not expose a complete list of OMA-URI settings.
What is OEMConfig used for in the context of Android Enterprise devices?
To add, create, and customize OEM-specific settings that aren’t built in to Intune.
True or False: Only a limited number of Android Enterprise custom profiles are supported by Intune.
True
Fill in the blank: For an android device, the OMA-URI for restricting copy and paste actions is _______.
./Vendor/MSFT/WorkProfile/DisallowCrossProfileCopyPaste
What does OEM in OEMConfig stand for?
Original Equipment Manufacturer
What tool is used to create settings for custom profile for Apple devices in Microsoft Intune?
Apple Configurator tool
The Apple Configurator tool allows the creation of settings that control device operation.
What is the first step in creating a custom profile for Apple devices in Intune?
Create a device profile for iOS/iPadOS or macOS, selecting Custom as the profile type
This is done in the Microsoft Intune admin center.
What is required for the configuration profile file created by Apple Configurator?
It must be compatible with the version of the OS on the devices
Incompatible settings must be resolved according to Apple’s documentation.
True or False: Intune allows the assignment of settings that are configurable with other Apple device profile types.
False
Custom profiles allow settings that aren’t configurable with other profile types.
Fill in the blank: The Apple Configurator tool lets you create many settings that control the _______ of these devices.
operation
What can you do with the configuration profile after creating it with Apple Configurator?
Import it into an Intune iOS/iPadOS/macOS custom profile
This allows the settings to be assigned to users and devices.
What is the purpose of the Custom Configuration Profile in Microsoft Intune for apple devices?
To assign settings to Apple devices that are not configurable with other profile types
This enhances device management capabilities.
As an IT administrator, you need to create a device profile for Windows devices that will enable the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms.
Which type of device profile should you create?
1. Device Security Profile
2. Device Compliance Profile
3. Device Configuration Profile
Device Configuration Profile
Your organization wants to prevent iOS device users from using the device camera.
Which type of profile should you create in Intune?
1. VPN profile
2. Wi-Fi profile
3. Device restrictions profile
Device restrictions profile
Why would you create a custom device profile in Intune?
1. To add settings that aren’t available in Intune or to use settings available in other device profiles
2. To use only built-in settings in Intune
3. To restrict access to device settings for all user
To add settings that aren’t available in Intune or to use settings available in other device profiles
Intune policies fall into multiple categories. Which category is commonly used to manage security settings and features on devices, including defining access to company resources?
- Conditional access policies
- Configuration policies
- Device compliance policies
Configuration policies
