Describe endpoint modernization, management concepts, and deployment options in Microsoft 365 Flashcards
Microsoft Intune
a family of products and services that offer a cloud-based unified endpoint management solution
the Intune family includes:
Microsoft Intune service, Configuration Manager, co-management, Endpoint Analytics, Windows Autopilot and Intune admin center
endpoints
physical devices, such as mobile devices, desktop computers, virtual machines, embedded devices, and servers that connect to and exchange information with a computer network.
zero trust
verify explicitly, use least privilege access, and assume breach
Microsoft offers endpoint management solutions for
employees to collaborate with all different types of devices (iOS, Windows, PCs, mobile phones, etc.)
t or f
Microsoft Intune is a cloud-based endpoint management solution that manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.
true
key features of Microsoft Intune
allows management of users and devices
streamlines app management, offering built-in deployment, updates, and removal capabilities, integration with private app stores, Microsoft 365 app support, Win32 app deployment, and tools for app protection policies and data access control
automates policy deployment for app security, device configuration, compliance, conditional access, and more
Company Portal app provides self-service features: PIN/password resets, app install, and more
real-time threat response and automated remediation
endpoint management and data-driven reporting, allowing admins to sign in from any device
Configuration Manager
on-premises management solution to manage desktops, Windows servers, and laptops that are on your network or internet-based
co-management
one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud, enhancing conditional access
t or f
Conditional access allows organizations to implement policies that control and restrict access to their resources based on certain conditions and criteria.
true
Tenant attach
allows your device records to be in the cloud, enabling you to act on these devices from a cloud console
also allows you to manage endpoint security for Windows Servers and client devices
Windows Autopilot
cloud-native service that sets up and pre-configures new devices, getting them ready for use
t or f
you can use Windows Autopilot to reset, repurpose, and recover devices
true
t or f
Microsoft Entra ID (formerly known as Azure Active Directory or Azure AD) is a cloud-native service that is used by Intune to manage the identities of users, devices, and groups.
true
Intune admin center
one-stop website to add users and groups, create and manage policies, and monitor your policies using report data
t or f
Windows 365 and Azure Virtual Desktop (AVD) are both virtual desktop solutions known as Desktop as a Service (DaaS)
true
an enhancement from Windows 10 to Windows 11
Microsoft Copilot in Windows
t or f
Windows 365 is a cloud-based service that automatically creates a new type of Windows virtual machine (VM), known as Cloud PCs, for your end users.
true
what are the two editions that Windows 365 is available in?
Windows 365 Business
Windows 365 Enterprise
Azure Virtual Desktop (AVD)
is a modern and secure desktop and app virtualization solution that runs on the cloud
t or f
AVD allows users to connect to a Windows desktop running in the cloud
true
t or f
AVD gives you the ability to access your desktop and applications from virtually anywhere
true
t or f
Azure Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device
true
Windows Client
a comprehensive desktop operating system that allows you to work efficiently and securely
WaaS - Windows as a Service
new way to work with Windows desktop
simplifying the deployment and servicing of Windows client computers
maintains a consistent and current Windows experience for users
Release types for Windows client
Feature updates
Quality updates
Feature Updates for Windows Client
2X a year.
add new functionality
smaller updates - which means less time to adapt to smaller changes
less disruption and effort
workload and cost impact of updating is reduced
more productive with earlier access to new features
Quality updates for Windows Client
issued once a month as non-security releases or combined security + non-security releases
provide security and reliability fixes
Servicing channels
first way to separate users into deployment groups for feature and quality updates
What are the servicing channels?
Windows Insider Program
General Availability Channel
Long-term servicing channel
Windows Insider Program
provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update
New features are delivered to the Windows Insider community during the development cycle through a process called flighting.
This process will allow organizations to see exactly what Microsoft is developing and start their testing as soon as possible.
Microsoft recommends that all organizations have at least a few devices enrolled in this program
General Availability Channel
update releases annually
ideal for pilot deployments and testing of feature updates.
It’s also ideal for users such as developers who need to work with the latest features.
Long-term servicing channel
is designed for specialist systems and devices that don’t run Office apps such as medical equipment or ATMs.
These devices typically perform a single task and don’t need frequent updates compared to other devices in the organization.
This channel receives new features every two or three years.
Deployment rings
a deployment method used to separate devices into a deployment timeline.
Each “ring” comprises a group of users or devices that receive a particular update together.
A common ring structure uses three deployment groups
Preview - planning and development
Limited - pilot and validation
Broad - wide deployment
what is the purpose of the preview ring?
to evaluate the new features of the update
what is the purpose of the limited ring?
to validate the update on representative devices across the network
what is the purpose of the broad ring?
Once the devices in the limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.
Deployment methods
Modern
Dynamic
Traditional
Modern Deployment Methods
embrace both traditional on-premises and cloud services to deliver a streamlined, cost-effective deployment experience.
- Windows Autopilot
- In-place upgrade
Windows Autopilot (modern deployment methods)
allows IT professionals to customize the out-of-box experience (OOBE) for Windows PCs and provide end users with a fully configured new Windows device. Users can go through the deployment process independently, without the need to consult their IT administrator.
In-place upgrade (modern deployment methods)
provides a simple, automated process that uses the Windows installation program to upgrade from an earlier version of Windows
automatically preserves all data, settings, drivers, and applications from the existing operating system version.
In-place upgrade requires the least IT effort, because there’s no need for any complex deployment infrastructure.
Dynamic deployment methods
enable you to configure applications and settings for specific use cases without having to deploy a new custom organization image to the device.
Subscription activation
Azure Active Directory (Azure AD) joined with automatic mobile device management (MDM) enrollment
Provisioning package configuration
Subscription activation (dynamic deployment methods)
uses a subscription to switch from one edition of Windows to another when a licensed user signs into a device.
For example, you can switch from Windows 10 Pro to Windows 10 Enterprise.
Azure Active Directory (Azure AD) joined with automatic mobile device management (MDM) enrollment (dynamic deployment methods)
automatically joins the device to Azure AD and is configured by MDM.
The organization member just needs to provide their work or school user ID and password.
Provisioning package configuration (dynamic deployment methods)
uses the Windows Imaging and Configuration Designer (ICD) tool. This tool is used to create provisioning packages that contain all the configuration, settings, and apps that can be applied to devices.
Traditional deployment methods
use existing tools to deploy operating system images
New computer
Computer refresh
Computer replace
New computer (traditional deployment methods)
also called bare metal, is when you deploy a new device or wipe an existing device and deploy with a fresh image.
Computer refresh (traditional deployment methods)
also called wipe-and-load, is when you redeploy a device by saving the user state, wiping the disk, then restoring the user state.
Computer replace (traditional deployment methods)
when you replace an existing device with a new one. You save the user state on the old device and then restore it to the new device.
t or f
Microsoft 365 Apps can be installed individually by users on their devices
true
Methods available to deploy Microsoft 365 Apps
Deploy from a local source with Configuration Manager
Deploy from the cloud with the Office Deployment Tool (ODT)
Deploy from a local source with the Office Deployment Tool (ODT)
Self-install from the cloud
t or f
You can control how often the users in your organization get these new features by specifying the update channel
true
Microsoft also provides each update channel with two other types of updates that are released every month:
Security updates
Non-security updates (quality updates)
3 primary channels for Microsoft 365 Apps
Current channel
Monthly Enterprise Channel
Semi-Annual Enterprise Channel
t or f
not all users in your organization need to be on the same update channel
true
t or f
Microsoft 365 Apps checks for updates regularly, and they’re downloaded and installed automatically
true
Current channel
receives feature updates as soon as they’re ready, but there’s no set schedule.
receives security and non-security updates around two or three times a month
Microsoft recommends this channel because it provides users with the newest Office features as soon as they’re ready
Monthly enterprise channel
once a month, on the second Tuesday of the month
can include feature, security, and non-security updates.
Microsoft recommends this channel if you want to provide your users with new Office features once a month on a predictable release schedule.
Semi-annual enterprise channel
receives feature updates every six months, in January and July, on the second Tuesday of the month
can include feature, security, and non-security updates
Microsoft recommends this channel only for those select devices in your organization where extensive testing is needed before rolling out new Office features.
a cloud-based unified endpoint management solution that simplifies management across multiple operating systems, cloud, on-premises, mobile, desktop, and virtualized endpoints?
Microsoft Intune
Windows 365 and Azure Virtual Desktop are both what type of service?
Desktop as a Service
What is Windows-as-a-Service?
Windows with regular feature updates
if your organization requires frequent feature updates for Microsoft 365 Apps on a predictable release schedule, which update channel is best?
Monthly enterprise channel