Enroll devices using Microsoft Intune - Explain considerations for device enrollment

Question 1

What is the preferred method for managing a Windows device ?

Answer 1

Enroll it as a mobile device with Intune

Because Windows device has built-in mobile device management features

Question 2

What method must be used for enrolling devices running any operating system other than Windows?

Answer 2

Device enrollment

This includes devices like phones or Macs.

Question 3

How can Windows devices already joined to on-premises AD DS be enrolled to MDM?

Answer 3

Use Group Policy to automatically enroll them

This method simplifies the enrollment process for existing AD DS joined devices.

Question 4

What integration can be configured to automatically enroll Windows devices to MDM?

Answer 4

Integration between Microsoft Entra ID and MDM

Joining a device to Microsoft Entra ID triggers automatic MDM enrollment.

Question 5

List the methods for manually enrolling Windows devices to MDM.

Answer 5

• Using a Settings app
• Using provisioning packages
• Using the Company Portal app

Each method allows for flexibility in device management.

Question 6

True or False: Only Windows devices can be joined to an on-premises AD DS and Microsoft Entra ID.

Answer 6

True

This is why automatic enrollment is exclusive to Windows devices.

Question 7

How can Android and iOS devices be enrolled to MDM?

Answer 7

Only manually using the Company Portal app

The Company Portal app must be downloaded from app stores.

Question 8

What must be ensured for enrolling iOS devices to MDM?

Answer 8

MDM must be configured with a valid Apple Push Notification (APN) certificate

APN certificates are crucial for secure communication.

Question 9

Which devices require an APN certificate for secure communication with MDM?

Answer 9

• iPhones
• iPads
• macOS devices

This requirement applies regardless of the MDM product used.

Question 10

11

What kind of devices Intune supports through device enrollment?

Answer 10

• Windows 10/11 (Home, Pro, Education, S mode, and Enterprise versions)
• Windows 10/11 Cloud PCs on Windows 365
• Windows 10 IoT and Windows 10 Holographic
• Windows 10 2019 LTSC
• Surface Hub
• Windows 10 Teams (Surface Hub)
• Apple iOS/iPadOS 14.0 and later
• macOS 11.0 and later
• Android 8.0 and later, including Samsung KNOX Standard 3.0 and higher
• Linux Ubuntu Desktop (20.04 or 22.04 LTS on x86/64)
• Chrome OS

Question 11

By default, which users are allowed to enroll their supported device types to Intune?

Answer 11

By default, all users who are assigned an Intune license

Question 12

What can you configure that users must meet before they can enroll a device?

Answer 12

enrollment restrictions

Question 13

4

Which criteria enrollment restrictions can include?

Answer 13

• Maximum number of devices that a user can enroll. (By default set to five devices per user).
• Device platforms that can be enrolled:
• Required operating system version for iOS, Android, Android work profile, and Windows devices (Minimum version//Maximum version)
• Restrict enrollment of personally owned devices for iOS, Android, Android work profile, macOS, and personally owned devices for Windows 10/11.

Question 14

6

What are the enrollment options you can configure to manage device enrollment?

Answer 14

• Terms and conditions. require that users accept the company’s terms and conditions before they can use the Company Portal
• Enrollment restrictions. Device types that can be enrolled, block enrollment of personal devices, and restrict the number of devices that each user can enroll.
  Enable Apple device enrollment. You can control whether Apple devices can be enrolled (APN certificate required)
• Corporate identifiers. list international mobile equipment identifier (IMEI) numbers and serial numbers to identify company-owned devices. You can also prevent enrollment of devices that aren’t company-owned.
• Multifactor authentication When users enroll a device, you can require an additional verification method, such as a phone, PIN, or biometric data.
• Device enrollment manager. Device enrollment manager (DEM) can enroll large numbers of devices. A restriction on the number of devices that a user can enroll doesn’t apply to DEM; DEM can enroll up to 1,000 devices.

Question 15

How can you ensure that users enroll their devices?

Answer 15

can configure:
* a Security policy in Microsoft 365
or
* a Conditional access policy in Intune to allow access to company resources only from enrolled device

Question 16

To enroll a windows device in MDM, if a it is already joined to on-premises AD DS which is synced to Microsoft Entra ID, what can you configure ?

Answer 16

the Enable automatic MDM enrollment using default Microsoft Entra credentials Group Policy setting