Getting to Know MDM

Question 1

MDM profiles and commands cannot help isolate personal and organizational information for increased security and privacy.

A. True
B. False

Answer 1

B. False

Question 2

Understanding How MDM Manages Devices

iPhone, iPad, Mac, Apple TV, and Apple Watch have built-in frameworks that support MDM. An MDM administrator sends profiles and commands to devices that an organization — or a member of the organization — owns.

These profiles and commands automate the installation of certificates and applications and configure access to resources like networks and email

A. True
B. False

Answer 2

A. True

Question 3

MDM can help increase device supportability, security, and organization functionality while maintaining user flexibility. With MDM, you can update software and device settings, monitor compliance with organizational policies, and remotely wipe or lock devices

A. True
B. False

Answer 3

A. True

Question 4

An ____ contains identity certificates and information to associate a device with an MDM solution.

Answer 4

enrollment profile

Before a device can be managed, it must be enrolled into an MDM solution with an enrollment profile

Question 5

When an organization-owned device is enrolled into an MDM solution using ____, that device is both managed and supervised

Answer 5

Automated Device Enrollment

An MDM administrator has more control over a supervised device than a user-owned managed device.

Question 6

If your organization uses an MDM solution, you need to understand and comply with organizational policies for device enrollment and management while providing support.

A. True
B. False

Answer 6

A. True

Question 7

The presence of a profile means that an MDM solution manages the device.

A. True
B. False

Answer 7

B. False

A profile contains one or more payloads. A payload provides specific settings and authorization information for Apple devices.

You can create and use profiles to share and apply settings without an MDM solution, but they won’t be automatically installed and applied to devices. The presence of a profile doesn’t necessarily mean an MDM solution manages the device.

Question 8

An ____ must be installed for a device to be managed by an MDM solution, whether that happens automatically, manually by an administrator, or by a user signing in to a Managed Apple ID account on their personal device.

Answer 8

MDM enrollment profile

Question 9

Configuration profiles can contain ____ that manage networking, iCloud access, password policies, FileVault, and many other settings. ____ enhance the user experience because they automate network, account, and app setup and configuration. The user doesn’t need to do anything.

Answer 9

payloads

Question 10

____ is an update to the existing management protocol. It uses declarations to asynchronously update the device settings, restrictions, assets, and more

Answer 10

Declarative device management

Question 11

What are the steps to find an MDM profile on an iPhone or iPad that your organization owns?

Answer 11

open Settings > General > VPN & Device Management.

Question 12

What are the steps to find an MDM profile on a user-owned iPhone or iPad?

Answer 12

open Settings > General > VPN & Device Management to show the managed account for the MDM profile. Then access the MDM profile by tapping Managed Account > Profiles and Device Management

Question 13

What are the steps to find an enrollment profile on a Mac?

Answer 13

open System Settings > Privacy & Security > Profiles.

You can also find profiles in the system report on your Mac. Press and hold the Option key, then choose Apple menu > System Information to open the system report. In the sidebar, scroll to Software and click Profiles or Managed Profiles.

Question 14

If there’s no MDM profile, then the device isn’t managed.

A. True
B. False

Answer 14

A. True

Remember that when you find an MDM profile, you verify that a device is managed.

Question 15

What are the steps to reveal the configuration profiles and payloads on iPhone or iPad

Answer 15

open Settings > General > VPN & Device Management. To reveal the configuration profiles, tap More Details.

On a user-owned iPhone or iPad, open Settings > General > VPN & Device Management to show the managed account for the MDM profile. Then, access the MDM enrollment profile and more details by tapping Managed Account > Profiles and Device Management. Finally, tap More Details.

Question 16

What are the steps to access a configuration profile on Mac?

Answer 16

open System Settings > Privacy & Security > Profiles

The list groups the profiles in categories such as Device, Device (Managed), and User.

Question 17

Which enhancements to the user experience are available through an MDM solution?

A. Isolation of the Secure Enclave from the main processor for additional security

B. Automated installation of certificates and applications and configuration of email

C. Notarization and scanning of apps for malicious content and verification that apps are signed by an authorized developer

Answer 17

B. Automated installation of certificates and applications and configuration of email

An administrator using an MDM solution can securely and wirelessly configure and provision enrolled devices.

Question 18

A device is managed and supervised.

Which statement below also applies to the device?

A. It’s user-owned and went through account-driven User Enrollment.

B. It’s organization-owned and went through Automated Device Enrollment.

C. It’s an organization-owned Shared iPad and went through Device Enrollment.

D. It’s an organization-owned Mac with a single administrative user (a supervisor).

Answer 18

B. It’s organization-owned and went through Automated Device Enrollment.

When an organization-owned device is enrolled into an MDM solution using Automated Device Enrollment, that device is both managed and supervised. An MDM administrator has broader control over a supervised device.

Question 19

What is the best way to check whether a Mac is managed through an MDM solution?

A. Access the list in System Settings > Privacy & Security > Profiles.

B. Check whether the Apple ID signed in on the device matches your organization domain.

C. Access the settings in System Settings > General > Sharing > Remote Management.

Answer 19

A. Access the list in System Settings > Privacy & Security > Profiles.

If there’s an MDM profile, the device is managed.

Question 20

What is the best way to check whether managed settings of iPhone or iPad devices are interacting with your troubleshooting of Wi-Fi issues?

A. Find the MDM profile, and tap More Details.

B. Find the Wi-Fi network settings, and tap the Info button.

C. Find the MDM profile, and tap Leave Remote Management.

Answer 20

A. Find the MDM profile, and tap More Details.

Examine the configuration profiles, and determine whether a network or certificate profile is interacting with your troubleshooting.

Question 21

A user can’t print at the office while using their Managed Apple ID on their user-owned iPhone.

During troubleshooting, where would you check for MDM settings interacting with AirPrint?

A. Settings > General > VPN & Device Management

B. System Settings > Privacy & Security > Profiles

C. Settings > General > VPN & Device Management > Managed Account > Profiles and Device Management

Answer 21

C. Settings > General > VPN & Device Management > Managed Account > Profiles and Device Management

For a user-owned iPhone, the Managed Account contains the profiles.

Question 22

What are the four stages of User Enrollment into MDM?

Answer 22

Service discovery: The device identifies itself to the MDM solution.

User enrollment: The user provides credentials to an identity provider (IdP) for authorization to enroll in the MDM solution.

Session token: A session token is issued to the device to allow ongoing authentication.

MDM enrollment: The enrollment profile is sent to the device with payloads configured by the MDM administrator.