Planning and Managing Device and App Compliance Flashcards
What are some prerequisties for implementing device complaince.
Minimal Subscriptions • Azure AD P1 or higher • Intune standalome Platform support (OS, not physical devices) • Windows Phone 8.1 • Windows 8.1, Windows 10 • IOS, MacOS • Android, Android Enterprise Enrolled in Microsoft Intune
What are some of the steps to implement MDM.
1) Plan for your scenario
2) Get your prerequisites
3) Set up Intune
4) Enroll devices
5) Add and deploy apps
6) Turn on compliance and condition access
7) Apply features and settings
8) Explore other features
What does Signal refer to in reference to Azure AD conditional access policies?
Common signals include users, groups, IP location devices and applications
• Risk detection intergreate with Azure AD identity protection
• Microsoft cloud app security
○ Monitor and control user applications access and sessions in real time
What does Decision refer to in reference to Azure AD conditional access policies?
Common decision are to block access or grant access which can include; meet specific requirements like requiring MFA
○ This is a second level of protection - user would have to authenticate in Azure Ad
○ Block access - most restrictive decision
○ Grant access - least restriction decision
§ Require MFA
§ Require device to be marked as compliant
§ Require Hybrid Azure Ad joined device
§ Require approved client app
§ Require app protection policy
What does Enforcement refer to in reference to Azure AD conditional access policies?
Provide access to resource only if requirement in Decision stage are met
• Common Condition Access Enforcement:
○ Require MFA for admin users
○ Require MFA for Azure management tasks
○ Block sign-ins when using legacy authentication protocols
○ Require trust locations for Azure MFA registration
○ Block or grant specific locations (IP)
○ Block risky sign-in behaviours
§ e.g this person has tried to login 17 times
○ Require org-managed devices for specific apps
What are the 4 categories in Microsoft security monitoring?
Identities Data Devices Apps Can filter by categories to group by topic. • Risk • Detection trends • Configuration and health Other
What is Device Co-management?
• M365 Cloud-attach Configuration Manager
• Manage Windows 10 devices using:
○ Configuration manager
○ Intune
• Benefits
○ Conditional access with devices compliance
○ Intune-based remote actions -restart
○ Centralised monitoring of devices
• Co-management scenarios (when you would want to use this)
○ Domain joined devices with ConfigMgr
§ Needs to have a cloud management gateway deployed
§ Azure AD joined devices with Intune
What are the prequisites for Windows analytic?
• Azure subscription • Commercial ID • Windows telemetry ○ Device health ○ Update compliance § Devices must have telemetry enabled • Window 10
What is Microsoft 365 Store for Business MSfB?
Can be used to purchase distribute and manage apps.
• Accounts
○ MSfB - Global admin require to create a private store
○ AAD for admin - obtain and distribute apps, as well as manage licenses
○ AAD for users - user can download and install online-licensed apps
• Private store
○ Manage app purchasing and distribution
○ Custom user interface
§ Eg show 10 apps instead of 200
§ Browser support (IE10+, Edge, Chrome or Firefox)
How many M365 Store for Business licesning models are there?
2
• Licensing model
○ Online-licensed apps
§ Users connect to Microsoft store to retrieve the app and the license is assigned based on Azure ID.
○ Offline-licensed apps
Apps and licenses are downloaded to a local store and the users access it from the local store. However not all the apps available in the MSfB will be available.
