Describe endpoint modernization, management concepts, and deployment options in Microsoft 365

Question 1

Describe Microsoft Intune

Answer 1

Microsoft Intune is a cloud-based endpoint management solution that manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Some of the key features and benefits of Intune include:

Microsoft Intune is a family of products and services that offer a cloud-based unified endpoint management solution. The Intune family includes Microsoft Intune service, Configuration Manager, co-management, Endpoint Analytics, Windows Autopilot and Intune admin center. These solutions can help manage, protect and monitor all your organization’s endpoints.

Question 2

Define Endpoints

Answer 2

Endpoints are physical devices, such as mobile devices, desktop computers, virtual machines, embedded devices, and servers that connect to and exchange information with a computer network.

Question 3

Define Configuration Manager

Answer 3

Configuration Manager is an on-premises management solution to manage desktops, Windows servers, and laptops that are on your network or internet-based. Configuration Manager boosts IT productivity by reducing manual tasks and letting you focus on high-value projects. Configuration Manager enhances IT services by securely deploying applications and updates at scale, facilitating real-time actions on devices, offering cloud-driven analytics for both on-site and online devices, managing compliance settings, and providing thorough oversight of servers and computers.

Question 4

Define Cloud-attach

Answer 4

If you need to manage a combination of both cloud and on-premises endpoints, you can use cloud attach to use both Intune and Configuration Manager. Cloud attach allows you to connect your on-premises Configuration Manager to the cloud without having to worry about disruption or risk. A Configuration Manager environment is considered cloud attached when it uses at least one of the three primary cloud attach features which consists of co-management, tenant attach, and Endpoint analytics. You can enable these three features in any order you wish, or all at once.

Question 5

Define Co-management

Answer 5

Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud, enhancing capabilities like conditional access. It allows simultaneous management of Windows 10 or later devices through both Configuration Manager and Microsoft Intune, enhancing your Configuration Manager’s functions.

Question 6

Define Tenant- attach

Answer 6

Tenant attach allows your device records to be in the cloud, enabling you to act on these devices from a cloud console. It provides real-time data from Configuration Manager clients, including those online. It also lets you manage endpoint security for both Windows Servers and Client devices from the Intune admin center, including antivirus status and malware reports.

Question 7

Define Endpoint Analytics

Answer 7

Endpoint Analytics is a cloud-native service that provides metrics and recommendations on the health and performance of your Windows client devices. Endpoint Analytics is part of the Microsoft Adoption Score.

Question 8

Define Autopilot

Answer 8

Windows Autopilot is a cloud-native service that sets up and pre-configures new devices, getting them ready for use. You can also use Windows Autopilot to reset, repurpose, and recover devices.

Question 9

Define Intune admin center

Answer 9

The Intune admin center is a one-stop web site to add users and groups, create and manage policies, and monitor your policies using report data. If you use Configuration Manager tenant-attach or co-management, you can see your on-premises devices and run some actions on these devices.

Question 10

Describe Windows 365

Answer 10

Windows 365 is a cloud-based service that automatically creates a new type of Windows virtual machine (VM), known as Cloud PCs, for your end users. Windows 365 introduces a new way to experience Windows client to organizations of all sizes. Securely stream the full Windows experience including apps, data, and settings, from the Microsoft cloud to any personal or corporate device.

It is available in two editions: Windows 365 Business and Windows 365 Enterprise

It is not an operating system and isn’t installed on your computer like Windows. Windows 365 is referred to as a cloud PC because it securly streams your persoalized windows desktop, apps, settings, and content from the cloud to any device.

Question 11

Define Azure Virtual Desktop

Answer 11

Azure Virtual Desktop (AVD) is a modern and secure desktop and app virtualization solution that runs on the cloud. AVD allows users to connect to a Windows desktop running in the cloud. It’s the only solution that delivers multi-session on Windows. AVD gives you the ability to access your desktop and applications from virtually anywhere.

Question 12

Define Windows Client

Answer 12

Windows Client is a comprehensive desktop operating system that allows you to work efficiently and securely. It’s important to keep the desktop operating system up to date because it helps devices run efficiently and stay protected.

Two type of release:
-Feature updates: add new functionality and are released twice a year. Because these updates are more frequent, they’re smaller.
-Quality updates: provide security and reliability fixes. These updates are issued once a month.

Question 13

Define Windows-as-a-Service (WaaS)

Answer 13

Windows-as-a-Service (WaaS) is a new way to work with the Windows desktop. The WaaS model is designed to make life easier for both users and IT professionals by simplifying the deployment and servicing of Windows client computers. WaaS maintains a consistent and current Windows experience for users.

Two release types:
-feature updates: twice a year, in March and September
-Quality updates are monthly updates - security patches and other stuff

Question 14

Describe Servicing Channels

Answer 14

3 service channels:
-Windows insider program: provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.

-General Availability Channel receives new functionality with feature update releases annually. This model is ideal for pilot deployments and testing of feature updates.

-Long-term servicing channel is designed for specialist systems and devices that don’t run Office apps such as medical equipment or ATMs. This channel gets updates every 2-3yrs.

Question 15

Describe Deployment Rings

Answer 15

Deployment rings are a deployment method used to separate devices into a deployment timeline.

-Preview is for planning and development.The purpose of the preview ring is to evaluate the new features of the update.
-Limited is for pilot and validation.The purpose of the limited ring is to validate the update on representative devices across the network.
-Broad is for wide deployment.Once the devices in the limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.

Question 16

Describe Modern Deployment Methods

Answer 16

Modern deployment methods grasp both traditional on-premises and cloud services to deliver a streamlined, cost effective deployment experience.

Windows Autopilot allows IT professionals to customize the out-of-box experience (OOBE) for Windows PCs and provide end users with a fully configured new Windows device. Users can go through the deployment process independently, without the need to consult their IT administrator.
In-place upgrade provides a simple, automated process that uses the Windows installation program to upgrade from an earlier version of Windows. This process automatically preserves all data, settings, drivers, and applications from the existing operating system version. In-place upgrade requires the least IT effort, because there’s no need for any complex deployment infrastructure.

Question 17

Describe Dynamic deployment methods

Answer 17

Dynamic deployment methods enable you to configure applications and settings for specific use cases without having to deploy a new custom organization image to the device.

Subscription activation uses a subscription to switch from one edition of Windows to another when a licensed user signs into a device. For example, you can switch from Windows 10 Pro to Windows 10 Enterprise.
Azure Active Directory (Azure AD) joined with automatic mobile device management (MDM) enrollment automatically joins the device to Azure AD and is configured by MDM. The organization member just needs to provide their work or school user ID and password.
Provisioning package configuration uses the Windows Imaging and Configuration Designer (ICD) tool. This tool is used to create provisioning packages that contain all the configuration, settings, and apps that can be applied to devices.

Question 18

Describe Traditional Deployment methods

Answer 18

Traditional deployment methods use existing tools to deploy operating system images.

New computer, or also called bare metal, is when you deploy a new device or wipe an existing device and deploy with a fresh image.
Computer refresh, or also called wipe-and-load, is when you redeploy a device by saving the user state, wiping the disk, then restoring the user state.
Computer replace is when you replace an existing device with a new one. You save the user state on the old device and then restore it to the new device.