Describe endpoint modernization, management concepts, and deployment options in Microsoft 365 Flashcards
Which service is a cloud-based unified endpoint management solution that simplifies management across multiple operating systems, cloud, on-premises, mobile, desktop, and virtualized endpoints?
Microsoft Intune
Windows 365 and Azure Virtual desktop are both what type of service?
Desktop-as-a-Service
What is Windows-as-a-Service?
new model for Windows. Instead of a major release every three or four years, features are released more frequently, such as semi-annually.
If your organization requires frequent feature updates for Microsoft 365 Apps on a predictable release schedule, which update channel is best?
- Current Channel
- Monthly Enterprise Channel
- Semi-Annual Enterprise Channel
Monthly Enterprise Channel receives feature updates once a month, on the second Tuesday of the month.
How often a device with M365 apps need to check in to the service to verify its licensing status?
Device needs to be able to connect to internet every 30 days to verify a valid subscription
What’s the difference between feature and quality updates
- Feature: release improvements to user experience and the OS. Available once a year
- Quality: releases that contain security and maintenance fixes. Occur monthly
What’s the purpose of a Long-Term Servicing Channel in windows updates?
For devices that don’t need as many feature updates as normal. Example: kiosk, ATM, manufacturing orientated devices
Explain Intune’s Mobile Device Management (MDM) service
- can be used to configure device policies (requiring minimum passwords on devices…)
- remote wipe of stolen devices
- track enrolled devices that contain and/or have access to company data
What are the 3 update channels for MS365 apps?
- Current Channel
- Monthly Enterprise Channel
- Semi-Annual Enterprise Channel
What is Microsoft Intune app management?
Can use Intune to protect your organization’s data at the app level (MAM, aka mobile application management) on both company devices and users’ personal devices, such as smartphones, tablets, and laptops.
Intune provides data protection for apps that have been enhanced to support Intune and deployed using Intune, as well as data protection for devices that have been enrolled in Intune.
When apps are managed in Intune, what administrators can do?
Microsoft Intune app management
* Protect company data at the app level: can add and assign mobile apps to user groups and devices, allowing your company data to be protected at the app level.
can protect company data on both managed and unmanaged devices because mobile app management doesn’t require device management.
The management is centered on the user identity, which removes the requirement for device management.
- Configure apps to start or run with specific settings enabled. In addition, can update existing apps already on the device.
- * Assign policies to limit access and prevent data from being used outside your organization. You choose the setting for these policies based on your organization’s requirements. For example, you can: Require a PIN to open an app in a work context, control the sharing of data between apps, Prevent the saving of company app data to a personal storage location.
- **Support apps on a variety of platforms and operating systems. ** Each platform is different. Intune and Configuration Manager provides available settings specifically for each supported platform.
- **See reports about which apps are used, and track their usage. ** In addition, Intune and Configuration Manager provides endpoint analytics to help you assess and resolve problems.
- Do a selective wipe by removing only organization data from apps.
* Ensure personal data is kept separate from managed data
End-user productivity isn’t affected and policies don’t apply when using the app in a personal context. The policies are applied only in a work context, which gives you the ability to protect company data without touching personal data.
In intune, what is a compliance policy?
Microsoft Intune compliance policies are sets of rules and conditions that you use to evaluate the configuration of your managed devices.
These policies can help you secure organizational data and resources from devices that don’t meet those configuration requirements.
Managed devices must satisfy the conditions you set in your policies to be considered compliant by Intune.
Conditional Access can enforce Microsoft Entra access controls based on a devices current compliance status to help ensure that only devices that are compliant are permitted to access corporate resources.
Intune compliance policies are divided into two areas:
* Compliance policy settings : tenant-wide configurations that act like a built-in compliance policy that every device receives. Compliance policy settings establish how compliance policy works in your Intune environment, including how to treat devices that aren’t assigned an explicit device compliance policy.
* **Device compliance policies ** are discrete sets of platform-specific rules and settings you deploy to groups of users or devices.
Devices evaluate the rules in the policy to report a device compliance status. A noncompliant status can result in one or more actions for noncompliance. Microsoft Entra Conditional Access policies can also use that status to block access to organizational resources from that device.
What does the Intune family include (6)?
The Intune family includes
* Microsoft Intune service,
* Configuration Manager,
* co-management,
* Endpoint Analytics,
* Windows Autopilot
* Intune admin center.
What is Configuration Manager?
Configuration Manager is an on-premises management solution to manage desktops, Windows servers, and laptops that are on your network or internet-based.
Configuration Manager enhances IT services by securely deploying applications and updates at scale, facilitating real-time actions on devices, offering cloud-driven analytics for both on-site and online devices, managing compliance settings, and providing thorough oversight of servers and computers.
You can cloud-attach your Configuration Manager environment
What is Co-management?
Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud, enhancing capabilities like conditional access.
It allows simultaneous management of Windows 10 or later devices through both Configuration Manager and Microsoft Intune
Devices with the Configuration Manager client enrolled in Intune benefit from both services.
The authority to shift specific workloads from Configuration Manager to Intune is in your control, while Configuration Manager retains authority over other workloads.
What is Tenant-attach ?
Tenant attach allows your device records to be in the cloud, enabling you to act on these devices from a cloud console.
It provides real-time data from Configuration Manager clients, including those online.
It also lets you manage endpoint security for both Windows Servers and Client devices from the Intune admin center, including antivirus status and malware reports.
What are the benefits of co-management?
- Conditional Access with device compliance
- Intune-based remote actions, for example: restart, remote control, or factory reset
- Centralized visibility of device health
- Link users, devices, and apps with Microsoft Entra ID
- Modern provisioning with Windows Autopilot
- Remote actions
What is endpoint analytics?
Endpoint Analytics is a cloud-native service that provides metrics and recommendations on the health and performance of your Windows client devices.
Endpoint Analytics is part of the Microsoft Adoption Score.
These analytics give you insights for measuring how your organization is working and the quality of the experience you’re delivering to your users.
Endpoint analytics can help identify policies or hardware issues that might be slowing down devices and help you proactively make improvements before end-users generate a help desk ticket.
TRUE OR FALSE
In intune you can set up a compliance policy
True
