MDM Device Management SK

Question 1

How many times can you enter an incorrect password for a Managed Apple ID before it is disabled?

Answer 1

A Managed Apple ID can be locked or disabled when an incorrect password is entered more than 10 times in a row.

Question 2

How to reset password for Managed Apple IDs?

Answer 2

A user can’t reset the password for their Managed Apple ID. An Apple Business Manager, Apple Business Essentials, or Apple School Manager user with the role of Administrator or People Manager can reset the password. An Apple School Manager user with the role of Site Manager can also reset the password

Question 3

What happens when you use a device with both a Managed Apple ID and a personal Apple ID?

Answer 3

When you use a device with both a Managed Apple ID and a personal Apple ID, your personal data and the organization’s data are kept separate and cryptographically secure. You can continue to access your personal data with your personal Apple ID — without the organization having access to this data.

Question 4

Like any Apple ID, Managed Apple IDs can be used on which types of devices?

Answer 4

dedicated or shared devices.

Question 5

Which option doesn’t work for creating a new Apple ID?

Answer 5

You can’t create an Apple ID using Apple TV.

Question 6

What happens if the administrator forgets or loses their password before at least one additional administrator is created for Managed Apple IDs?

Answer 6

they must use the iforgot.apple.com website to reset their password for Apple Business Manager, Apple Business Essentials, or Apple School Manager.

Question 7

Is the iCloud Mail account service available for Managed Apple IDs?

Answer 7

Inaccessible

Question 8

Which iCloud services can be accessed if enabled for Managaed Apple IDs using Apple School Manager?

Answer 8

If permitted, iCloud data can be accessed on devices and by signing in to iCloud.com. iCloud Backup, iCloud Drive, iCloud Keychain, Calendar, Contacts, Freeform, News, Notes, Photos, Reminders, Safari, Siri, Stocks.

Question 9

Is App Store available for Managed Apple IDs?

Answer 9

Allows browsing but can’t buy apps

Question 10

In order to protect user privacy, what services are NOT accessible for Managed Apple IDs?

Answer 10

Find My-The app appears, but the user can’t use it.
Health- The app appears, but the user can’t use it.
Home- The user can’t add HomeKit devices to the Home app.
Journal- The app appears, but the user can’t use it
iCloud Family Sharing- Unavailable
iCloud Mail- Unavailable
iCloud Services (Private Relay, Hide My Email, Custom Email Domain)- Unavailable

Question 11

Who can create and manage Managed Apple ID’s?

Answer 11

Apple Business Manager, Apple Business Essentials, or Apple School Manager with required role - Only organizations can create and manage Managed Apple IDs

Question 12

In order for devices and service to work seamlessly across device what must be enabled?

Answer 12

Apple ID

Question 13

Can a device be configure with out a Apple ID?

Answer 13

Yes, however some services and feature may not be available

Question 14

How can Managed Apple ID be configured?

Answer 14

role-base, administration, identity federation and bulk actions.

Question 15

Can Managed Apple ID be used on dedicaed and shared device?

Answer 15

Yes

Question 16

When using both a Presonal and Managed Apple ID on the same device, is data share between to the two accounts?

Answer 16

data is kept separate and cryptographically secure.

Question 17

What role is used to create users in Apple Business Manager and Apple Business Essentials?

Answer 17

Administrator or People Manager

Question 18

What role is used to create users in Apple School Manager?

Answer 18

Administrator or Site Manager

Question 19

Can users reset their own passwords for a Managed Apple ID?

Answer 19

No, Administrator is the only one who can reset and update passwords for Managed ID’s

Question 20

If a Managed Apple ID is locked due to supected fraudulent activities, how can it be unlocked?

Answer 20

Contact Apple

Question 21

When a device is lost, what feature can be used when working with a Managed Apple ID

Answer 21

MDM Lost Mode

Question 22

Can Manage Apple ID access iCloud Mail accounts?

Answer 22

No, inaccessible

Question 23

How does Mananged Apple ID effect App store behavior?

Answer 23

Allows browsing but can’t buy apps

Question 24

If a user is unsure if they have an Apple ID or forgot the password, where can they go to find out?

Answer 24

entering their name and email address at iforgot.apple.com

Question 25

Where can Apple ID users go to managed settings related to signing in, account security, and recovering account access when having trouble signing in?

Answer 25

appleid.apple.com

Question 26

How can a Apple ID keep their account current and safe?

Answer 26

• Change the password periodically.- Update trusted phone numbers and trusted devices.- Use two-factor authentication, including security keys — refer to Two-factor authentication for Apple ID.- Make sure that the notification email address is one they frequently use.

Question 27

What happens when you sign in to your Apple ID on another Apple device?

Answer 27

You can sync designated data and settings from your other devices.When you sign in to your Apple ID on another iPhone, iPad, or Mac, you can choose to sync designated data and settings from other Apple devices using the same Apple ID.

Question 28

What happens if you complete the setup of a new Apple device without signing in with an Apple ID?

Answer 28

Some services and features are unavailable until an Apple ID is associated with the device.You can complete the initial setup and configuration of a new Apple device without signing in with an Apple ID. However, some services and features are unavailable until an Apple ID is associated with the device.

Question 29

Which option doesn’t work for creating a new Apple ID?

Answer 29

Apple TV - You can’t create an Apple ID using Apple TV.

Question 30

In the App Store, a user can browse and view apps but can’t buy them.What’s the possible cause of this issue?

Answer 30

The user is signed in with a Managed Apple ID.When signed in with a Managed Apple ID, the user can browse but not buy (or get for free) items from the App Store, the iTunes Store, or Apple Books.

Question 31

What features between devices can a user access when signed in with the same Managed Apple ID as the primary account on both devices?

Answer 31

• AirDrop
• AirPlay to Mac
• Auto Unlock
• Continuity Camera
• Continuity Markup and Sketch
• Handoff
• Personal Hotspot
• iPhone cellular calls
• Sidecar
• Universal Clipboard
• Universal Control

Question 32

What collaboration and communication services may be available based on specific criteria between devices when a user is signed in with the same Managed Apple ID as the primary account on both devices?

Answer 32

Read subheading: Collaboration and communication services availability —————> Apple School Manager availability VS Apple Business Manager and Apple Business Essentials availability

Question 33

Using Apple School Manager- By default, can users who DON’T have the role of Administrator that sign in with a Managed Apple ID able to access FaceTime and iMessage?

Answer 33

No
By default, users who don’t have the role of Administrator that sign in with a Managed Apple ID are UNABLE to access FaceTime and iMessage. You can modify that access.

Question 34

Managed Apple IDs in Apple School Manager- what are the two different levels of access that can be turned on for FaceTime and iMessage?

Answer 34

FaceTime and iMessage
- anyone inside and outside of your organization (default)
OR
- allowed with only other users in your

Question 35

Topic: Managed Apple IDs- What happens in case requirements for the management state of a device are changed?

Answer 35

a Managed Apple ID is automatically signed out of a device if the device state doesn’t meet the new requirements

Question 36

What enables apple devices to support MDM?

Answer 36

Frameworks

Question 37

Using MDM how can an administrator automate installation of certificates and applications and configure access to resources?

Answer 37

Profiles and commands

Question 38

In order for a device to be managed what must it have?

Answer 38

Enrollment Profile

Question 39

What contains identity certificates and information to associate a device with an MDM solution?

Answer 39

Enrollment Profile

Question 40

When an organization-owed device is enrolled using Automated Device Enrollment, what MDM state is it considered to be in?

Answer 40

managed and supervised

Question 41

When will a device no longer communicate with a MDM solution?

Answer 41

When it is unenrolled

Question 42

Contains one or more payloads

Answer 42

Profiles

Question 43

provide specific settings and authorization information

Answer 43

Payloads

Question 44

Does the preseence of a profile on a device mean that it is enroll to a MDM solution?

Answer 44

No, need to specficly have an enrollement profile

Question 45

How can a enrollment profile be installed?

Answer 45

Automatically, manually by an admin, or by user signing in to Managed Apple ID on personal device

Question 46

Has payloads that automate configuration of settings, accounts, restrictions and credentials

Answer 46

Configuration profile

Question 47

An update to the existing management protocol. Devices are asynchronously update

Answer 47

Declarative Device Management

Question 48

Payloads that represent policy changes the MDM server defines and sends

Answer 48

Declarations

Question 49

Used to proactively communicate with MDM server for updating the status of the device.

Answer 49

Status Channel

Question 50

On an iPhone where can you check to see if it is MDM enrolled?

Answer 50

Settings>General>VPN& Device Managment

Question 51

On a Mac wher can you check to see if it is MDM enrolled?

Answer 51

System settings > Privacy & Security > Profiles Also Apple Menu +Option > System information> software>Profiles or Managed Profiles

Question 52

How can you check the details of a profile installed on a mac?

Answer 52

System Settings > Privacy & Security > ProfilesDouble click on profile to see details

Question 53

Which enhancements to the user experience are available through an MDM solution?

Answer 53

Automated installation of certificates and applications and configuration of emailAn administrator using an MDM solution can securely and wirelessly configure and provision enrolled devices.

Question 54

A device is managed and supervised.Which statement below also applies to the device?

Answer 54

It’s organization-owned and went through Automated Device Enrollment.When an organization-owned device is enrolled into an MDM solution using Automated Device Enrollment, that device is both managed and supervised. An MDM administrator has broader control over a supervised device.

Question 55

What is the best way to check whether a Mac is managed through an MDM solution?

Answer 55

Access the list in System Settings > Privacy & Security > Profiles.If there’s an MDM profile, the device is managed.

Question 56

What is the best way to check whether managed settings of iPhone or iPad devices are interacting with your troubleshooting of Wi-Fi issues?

Answer 56

Find the MDM profile, and tap More Details.Examine the configuration profiles, and determine whether a network or certificate profile is interacting with your troubleshooting.

Question 57

A user can’t print at the office while using their Managed Apple ID on their user-owned iPhone.During troubleshooting, where would you check for MDM settings interacting with AirPrint?

Answer 57

Settings > General > VPN & Device Management > Managed Account > Profiles and Device ManagementFor a user-owned iPhone, the Managed Account contains the profiles.

Question 58

Managed Apple ID’s are created after?

Answer 58

• Create accounts manually- Use federated authentication with Google Workspace or Microsoft Azure Active Directory (Azure AD)- See Intro to federated authentication.Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.- Use SCIM with Azure AD- See Review SCIM requirements.- Sync with Google Workspace

Question 59

What are two ways a Apple ID are used?

Answer 59

Accounts and Roles

Question 60

Define which task users can perform with their managed account

Answer 60

Roles

Question 61

Can you change the Managed Apple ID of a user with admin role?

Answer 61

No, to change first need to change admin role then change Managed Apple ID then return admin role

Question 62

What happens when a Managed Apple ID is changed however an element is missing or empty for the user that was changed?

Answer 62

The user’s Managed Apple ID won’t be updated

Question 63

What happens when a new Managed Apple ID format is put in place, however the result is an ID that matches one that alreay exisit?

Answer 63

A number is added to the end of the new Managed Apple ID

Question 64

Are managed users notified when changes take place to thier ID?

Answer 64

No, admin must notify

Question 65

1.ACME, Inc.’s administrators are planning to switch to an eSIM exclusive environment. Users are upgrading their iPhone with models that support ONLY eSIM. Which feature MUST ACME’S carrier support so that users can seamlessly continue to use their lines with eSIM-only iPhone models? A. eSIM Plan Transfer B. eSIM Quick Transfer C. eSIM Convert D. eSIM Carrier Transfer Answer:A

Answer 65

Answer: A eSIM Plan Transfer

Question 66

Which tool should you use first to troubleshoot Mail connectivity issues in macOS?

A. Message Viewer
B. Network Diagnostics
C. Wireless Diagnostics
D. Connection Doctor

Answer 66

Answer: B. Network Diagnostics

Question 67

Where should you go in macOS to limit AirPlay Receiver ONLY to devices signed in to your Apple ID?

A. Go to System Settings > General > AirDrop & Handoff, then select Current User for the “Allow
AirPlay for” option.
B. Open the AirPlay app from the Utilities folder, then select Current User for the “Allow AirPlay for”
option.
C. Go to System Settings > Privacy & Security, then select Apple ID for the “Allow AirPlay for” option.
D. Go to System Settings, then select Apple ID for the “Allow AirPlay for” option in the Sharing
settings.

Answer 67

Answer: A: Go to System Settings > General > AirDrop & Handoff, then select Current User for the “Allow
AirPlay for” option.

Question 68

How should you schedule an email to send in Mail on iPhone?

A. Tap Settings > Mail > Schedule and configure the send date and time.
B. Touch and hold the mail body and configure the send date and time.
C. Touch and hold the send button and set the send date and time.
D. Tap the calendar icon in the mail menu bar and configure the send date and time.

Answer 68

Answer: C. Touch and hold the send button and set the send date and time.

Question 69

Which Wi-Fi authentication settings does Apple recommend for better security for Wi-Fi routers and access points?

A. WPA3 Personal or WPA Personal
B. WPA3 Personal or WPA/WPA2
C. WPA3 Personal or WPA2/WPA3 Transitional
D. WPA2/WPA3 Transitional or WEP Transitional Security Network

Answer 69

Answer: C. WPA3 Personal or WPA2/WPA3 Transitional

Question 70

Which two types of Activation Lock are available to organizations?
A. Individual-linked
B. Device-linked
C. User-linked
D. Personal
E. Organization

Answer 70

Answer: B, E

Question 71

Which action in Apple Configurator for Mac should you select to retain user data (if recoverable) if iPhone or iPad devices are unresponsive or in recovery mode?
A. Restore
B. Revive
C. Update
D. Erase all Content and Settings

Answer 71

Answer:B

Question 72

Study up on: SIP/XProtext. What does XProtect do if it detects malware? Rapid Security Response, WiFi preferences and how a device chooses orders (and security types WPA3/2 Transitional WPA, WEP, Certificate based etc), what the caution symbol on a wifi means, iphone diagnostics and where to find the files, Apple diagnostics (Activity Monitor vs. Console), Revive/ Restore via Apple Configurator, VPN and Device Management, Managed Apple IDs (what they can and cant do), hitting option-wifi to get to wifi diagnostics and what type of file it creates and where it’s located, how to get into safe/recovery mode with Apple Silicon Mac (hold down power button, hit shift to go into safe mode, enter admin password etc..), iCloud backup (what triggers it? how do you set it up? what does it back up?), Accessibility features and settings and their names/ purposes (those got me), troubleshoot Sidecar and Universal Control (same AppleID, bluetooth, display settings etc), some “Gotchas” about paths to settings (make sure you know where to go for like… mobile configs on a phone for example). What various symbols mean (missing OS on a Mac for example). Lockdown mode and what it does (especially with Safari, those got me too). Where are passkeys stored? Where would you delete one (where in settings)?

Question 73

how to access emergency sos on your iphone?

Answer 73

Press and hold the side button and one of the volume buttons until the Emergency SOS slider appears. Drag the Emergency Call slider to call emergency services. If you continue to hold down the side button and volume button, instead of dragging the slider, a countdown begins and an alert sounds.

Question 74

What is Lockdown Mode?

Answer 74

Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.
When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.
Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma. For a complete set of protections, update your devices to the latest software before turning on Lockdown Mode.

Question 75

How Lockdown Mode protects your device

Answer 75

How Lockdown Mode protects your device
When Lockdown Mode is enabled, some apps and features will function differently, including:
Messages - Most message attachment types are blocked, other than certain images, video, and audio. Some features, such as links and link previews, are unavailable.
Web browsing - Certain complex web technologies are blocked, which might cause some websites to load more slowly or not operate correctly. In addition, web fonts might not be displayed, and images might be replaced with a missing image icon.
FaceTime - Incoming FaceTime calls are blocked unless you have previously called that person or contact. Features such as SharePlay and Live Photos are unavailable.
Apple services - Incoming invitations for Apple services, such as invitations to manage a home in the Home app, are blocked unless you have previously invited that person. Game Center is also disabled.
Photos - When you share photos, location information is excluded. Shared albums are removed from the Photos app, and new Shared Album invitations are blocked. You can still view these shared albums on other devices that don’t have Lockdown Mode enabled.
Device connections - To connect your iPhone or iPad to an accessory or another computer, the device needs to be unlocked. To connect your Mac laptop with Apple silicon to an accessory, your Mac needs to be unlocked and you need to provide explicit approval.
Wireless connectivity - Your device won’t automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G cellular support is turned off.
Configuration profiles - Configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.
Phone calls and plain text messages continue to work while Lockdown Mode is enabled. Emergency features, such as SOS emergency calls, are not affected.