MS-102: 365 Admin
MS-102: Microsoft 365 Administrator Certification Knowledge
| Question/Term | Answer/Definition |
|---|---|
| Mobile Device Management (MDM) | Administration of devices such as phones, tablets, and laptops |
| Mobile Application Management (MAM) | Administration of apps that a company's workforce uses, specifically in regard to data protection and privacy |
| Mobile Application Management without Enrollment (MAM-WE) | Allows the management of apps without a device being enrolled; commonly used for BYOD scenarios |
| User State Migration Tool (USMT) | Streamlines and simplifies migrations to new Windows installations; can migrate accounts, files, operating system settings, and app settings |
| ScanState.exe | Utility used with USMT that collects files and settings to create a store; must be run as an administrator; can be executed in WinPE |
| Command Line Option, ScanState.exe /o | Overwrites any existing configuration files in the target directory |
| Command Line Option, ScanState.exe /i:[Path]FileName | Specifies XML files that have rules which define what items to migrate |
| Command Line Option, ScanState.exe /genconfig:[Path]FileName | Generates a Config.xml file but does not create a migration store |
| Command Line Option, ScanState.exe /config:[Path]FileName | Provides a Config.xml file that should be used to create the migration store |
| Command Line Option, ScanState.exe /Auto:[PathToScriptFiles] | Specifies the location of the default XML files and begins the migration |
| Command Line Option, ScanState.exe /genmigxml:[Path] | Uses the document finder to create and export an XML file that defines how to migrate all the files on the device |
| Command Line Option, ScanState.exe /localonly | Only migrates files that are stored on the local device, regardless of any rules in the XML files specified on the command line |
| Benefit # 1 of ScanState.exe in WinPE | Ability to recover an unbootable computer |
| Benefit # 2 of ScanState.exe in WinPE | Improved success of migration because files are not locked for editing and because administrative access is automatically granted |
| Benefit # 3 of ScanState.exe in WinPE | Simplified end-to-end deployment process because the migration can occur after the new operating system is installed |
| Benefit # 4 of ScanState.exe in WinPE | Improved performance because there are fewer running services and because ScanState.exe can access more hardware resources |
| Command Line Option, ScanState.exe /offline:[Path] | Defines the path to an offline XML file that provides offline migration options |
| Command Line Option, ScanState.exe /offlinewindir:[Path] | Specifies the offline Windows directory that the utility uses to gather user state data |
| Command Line Option, ScanState.exe /offlinewinold:[Path] | Enables the offline migration mode and starts the migration from the location specified |
| Command Line Option, ScanState.exe /apps | Scans the online image for apps and includes them and their registry settings |
| Command Line Option, ScanState.exe /ppkg [FileName] | Exports a provisioning package to the specified path |
| Command Line Option, ScanState.exe /vsc | Enables the Volume Shadow Copy service to migrate files that are locked or in use; cannot be used with the /hardlink option |
| Command Line Option, ScanState.exe /hardlink | Enables the creation of a hard-link migration store at the specified location; the /nocompress option must be specified |
| Command Line Option, ScanState.exe /encrypt | Encrypts the migration store with an encryption key; disabled by default |
| Command Line Option, ScanState.exe /nocompress | Disables data compression and saves the files to a hidden folder named "File" at StorePath\USMT; enabled by default |
| Command Line Option, ScanState.exe /all | Specifies that all users on a device should be migrated |
| Command Line Option, ScanState.exe /ui:<Domain>\<user> | Only migrates the specified users; must be used with /ue or /uel |
| Command Line Option, ScanState.exe /uel:0 | Only migrates users that logged on to the device within the specified time period based on the Last Modified date in the ntuser.dat file; can be a specific number of days or a date, in addition to 0 which targets currently logged in users. |
| Command Line Option, ScanState.exe /ue:<Domain>\<User> | Excludes the specified users from the migration; can be specified multiple times. |
| Command Line Option, ScanState.exe /efs | Several command-line options that enable USMT to interact with encrypted files; by default, USMT will fail unless an EFS option is specified |
| Command Line Option, LoadState.exe /decrypt /key:KeyString | Decrypts the migration store with the specified key |
| Command Line Option, LoadState.exe /hardlink | Enables user state data to be restored from a hard-linked migration store; must be used with the /nocompress option |
| Command Line Option, LoadState.exe /nocompress | Specifies that the migration store is not compressed; should only be used for testing but is required with the /hardlink option |
| Command Line Option, LoadState.exe /i:[Path]FileName | Specifies XML files that contain rules that define what state to migrate to the new device; can be specified multiple times for multiple files |
| Command Line Option, LoadState.exe /l:[Path]FileName | Specifies the location and name of the utility's log; if the utility is run from a network share, this option must be specified |
| Command Line Option, LoadState.exe /config:[Path]FileName | Specifies the Config.xml file that the command should use |
| Command Line Option, LoadState.exe /v:0 | Turns verbose output on in the utility's log file; the default value is 0, which is only for errors and warnings |
| Command Line Option, LoadState.exe /v:13 | Enables verbose output in the utility's log file; the specified value logs verbose, status and debugger output |
| Command Line Option, LoadState.exe /c | Keeps the utility running even if non-fatal errors occur; errors are logged |
| Command Line Option, LoadState.exe /r:<Number> | Provides a specific number of retry attempts when an error occurs; the default is three times |
| Command Line Option, LoadState.exe /w:<Number> | Provides a time, in seconds, to wait before retrying a network file operation; the default is one second |
| Command Line Option, LoadState.exe /lac:[Password] | Specifies that a user account is local and does not exist on the destination device; this option is required to enable the local account and is used together with /lae |
| Command Line Option, LoadState.exe /lae | Enables an account that was created with the /lac option |
| UsmtUtils.exe | Utility that validates and troubleshoots User State Migration Tool deployments |
| Command Line Option, UsmtUtils.exe /ec | Returns a list of the supported encryption algorithms on the system |
| Command Line Option, UsmtUtils.exe /verify | Returns information on whether the migration store is intact or whether it contains corrupted files or catalog data |
| Command Line Option, UsmtUtils.exe /extract | Recovers files from a compressed migration store |
| Subscription-Based Activation | Enables stepping up or upgrading a Windows operating system from Pro to Enterprise or from Pro Education to Education; does not upgrade from Windows 10 to 11 |
| Cloud App, Windows Store for Business | Enables access to the Windows Store and its APIs; when using Subscription-Based Activation, this needs to be excluded from any Conditional Access policies. |
| Inherited Activation | Enables Windows virtual machines to have the same activation state as their host; only supports Windows 10 and 11; must be used with Hyper-V |
| Requirements for Subscription-Based Activation | Windows Pro or Windows Pro Education must be installed; Microsoft Entra must be available for identity management; devices must be Entra-joined or hybrid joined; for Windows Pro Education, the device must have a digital license |
| Benefits of Subscription-Based Activation | Licensing is based on Entra users and groups; upgrades are silent with no reboot requirement; supports BYOD; license assignments can be updated dynamically |
| Windows Assessment and Deployment Kit (ADK) | Set of tools necessary to customize Windows images for large-scale deployments and to test the quality and performance of existing systems. |
| Windows Pre-installation Environment (WinPE) | Small operating system used to install, deploy, and repair Windows operating systems |
| CopyPE | Creates a directory with the standard set of WinPE files; can be used to customize images and create bootable media |
| CopyPE.cmd amd64 C:\Temp | Copies the 64-bit version of WinPE to a temporary directory |
| Makewinpemedia | Creates bootable WinPE media; requires CopyPE to be run before this command will work |
| Drvload | Adds out-of-box drivers to a booted WinPE image; takes .inf files as input and cannot accept reboot requests |
| WinPeshl.ini | Replaces the default Command Prompt in WinPE with a shell app or another app; requires a file by the same name located in %SYSTEMROOT%\System32 to work |
| Startnet.cmd | Adds a customized command-line script to a WinPE image |
| wpeinit | Utility that installs plug-and-play devices, processes unattend.xml settings, and loads network resources; started by Startnet.cmd |
| Windows Configuration Designer | Enables the configuration of Windows devices without imaging by creating provisioning packages that can be attached to an operating system |
| Provisioning Package | A ppkg file that acts as a container for a collection of configuration settings |
| Provisioning Package Metadata | Contains basic information about the package such as the name, description, version, ranking, and other data |
| Provisioning Package XML Descriptors | Defines a customization asset or configuration setting included in the package |
| Provisioning Package Precedence | Applies in situations where multiple packages are available for provisioning; the package owner type and the package rank level, both defined in the manifest, resolve the conflict by evaluating those values to determine which settings should be configured |
| Windows Provisioning XML | Framework that allows Microsoft and OEM components to declare configurable settings and the on-device infrastructure for applying those settings with minimal work by the component owner |
| Windows Provisioning Engine | Core component for managing provisioning and configuration at runtime |
| Windows Provisioning Trigger | Events during the lifetime of the system that start a provisioning stage |
| Static Provisioning Trigger | First stage run for provisioning to apply configuration settings to the system to set up OOBE or apply device-wide settings that cannot be done when the image is being created. |
| System Provisioning Trigger | Run during OOBE and configures system-wide settings |
| UICC Provisioning Trigger | For devices with a Universal Integrated Circuit Card, runs a stage for each new one to handle configuration and branding based on the identity of the card |
| Update Provisioning Trigger | Runs after an update to apply potential updated settings changes |
| User Provisioning Trigger | Runs during a user account setup to configure per-user settings |
| C:\Recovery\Customizations | Directory in which provisioning packages will be applied to the OS partition by the provisioning engine |
| %ProgramData%\Microsoft\Provisioning | Directory in which provisioning packages are persisted after being applied |
| Configuration Service Provider (CSP) | Interface between settings that are specified in a provisioning document and settings that are on the device; they typically map to registry keys, files, or permissions |
| Synchronization Markup Language (SyncML) | Used for data exchange between compliant servers and clients; offers an open standard to use as an alternative to vendor-specific management solutions |
| Add-ProvisioningPackage | PowerShell cmdlet that applies a provisioning package to the target |
| Remove-ProvisioningPackage | PowerShell cmdlet that removes a provisioning package on the target |
| Get-ProvisioningPackage | PowerShell cmdlet that retrieves information about an installed provisioning package |
| Export-ProvisioningPackage | PowerShell cmdlet that extracts the contents of a provisioning package |
| icd.exe | Command-line utility that interacts with provisioning packages |
| Deployment Image Servicing and Management (DISM) | Command-line tool that services Windows images |
| Command Line Option, dism /Cleanup-Mountpoints | Deletes all the resources associated with a mounted image that has been corrupted |
| Command Line Option, dism /Commit-Image | Applies the changes to the mounted image; the image remains mounted |
| Command Line Option, dism /Online | Targets the running operating system |
| Command Line Option, dism /Quiet | Suppresses information and progress output to the console; only errors are displayed |
| Command Line Option, dism /Export-DefaultAppAssociations | Retrieves the default application associations from the running operating system and stores them in an XML file |
| Command Line Option, dism /Get-DefaultAppAssociations | Displays a list of the default application associations on the specified image |
| Command Line Option, dism /Import-DefaultAppAssociations | Applies a set of default application associations to a specified image from an XML file |
| Command Line Option, dism /Mount-Image | Makes an image file available in the specified directory; supports .ffu, .wim, .vhd, and .vhdx files |
| Windows Image (WIM) | File-based format for storing all the files needed for an operating system deployment |
| Virtual Hard Disk (VHD) | Sector-based format for storing an operating system, including all its partitions and drive information |
| Virtual Hard Disk v2 (VHDX) | Newer sector-based format for storing an operating system, including all its partitions and drive information; allows for larger storage capacity, protection against data corruption, and optimized structure for large disks. |
| Full Flash Update (FFU) | Sector-based format used to apply the image of a physical drive, including Windows, recovery, and system partition information, to a different drive |
| Command Line Option, dism /Get-ImageInfo | Displays information about the images contained in .wim, .ffu, .vhd, and .vhdx files |
| Command Line Option, dism /Apply-Unattend | Applies an Unattend.xml file to the specified image |
| Command Line Option, dism /Online /Cleanup-Image /RestoreHealth | On the running operating system, this command will scan the image for component store corruption, then perform repair operations |
| dism /Mount-Image /ImageFile:[FilePath]FileName /Index:1 /MountDir:[FilePath] | Mounts a .wim, .ffu, .vhd, or .vhdx file on the device to the specified directory for servicing operations |
| Windows System Image Manager (WSIM) | Tool that creates unattended Windows Setup answer files |
| Answer File | XML-based file that contains settings definitions and values to use during Windows Setup |
| Answer File, Components | Contains all the components settings that are applied during Windows Setup; these are organized into various configuration passes. |
| Kiosk Browser App | UWP app that uses Microsoft Edge to present an IT-controlled web browser for kiosk devices |
| Windows Performance Analyzer (WPA) | Analysis tool that provides graphing capabilities, data tables, and full text search abilities |
| winrs.exe | Command-line tool that enables administrators to remotely execute most cmd commands using WS-Management |
| What scenario(s) may require Android enrollment profile token / QR code to be revoked? | If it is accidentally shared with an unauthorized party or all enrollments are completed and it is no longer necessary. |
| In which context are Linux discovery scripts run for custom compliance settings? | User context |
| Microsoft Tunnel Sites | Combination of servers into logical groups |
| What Android OS version is the minimum required for Intune enrollment? | 8.0 and above |
| Standard Client Replace Task Sequence | MDT task sequence that runs the USMT utility to backup a device's data before it is decommissioned |
| Application Virtualization (App-V) | Delivers Win32 apps to users as virtual apps that are installed in a central location and can be used in real time as needed |
| Deploy to VHD Server Task Sequence | MDT task sequence that is the same task sequence as Deploy to VHD client but is intended for servers |
| Supervised Mode | Enables software updates, feature restrictions, allowing and blocking apps, and more on Apple devices from within Intune |
| What must be enabled for LAPS to work with Intune and Entra? | Local administrator settings in Entra under Devices > Device Settings |
| What network service is required for the Microsoft Tunnel container if it is cloud-hosted? | Solution like Azure ExpressRoute that extends the on-prem network to the cloud |
| What security feature do compliance policies integrate with to control which devices can access organizational resources? | Conditional Access |
| Enrolls iOS/iPadOS devices using a Mac computer and a USB connection from the mobile device to the Mac computer | Apple Configurator |
| What devices are eligible to use DFCI? | Devices registered by a cloud solutions partner or directly by an OEM |
| Azure Monitor Agent (AMA) | Collects data from operating systems and delivers it to Azure Monitor for use by features, insights and other services |
| Fully Managed Device (Android) | Associated with a single user and is intended for work use only |
| What is the default HTTP port for WinRM 2.0? | TCP 5985 |
| Negotiate Authentication (Windows Remote Management) | Scheme in which the client sends a request to the server to authenticate; the server determines whether to use Kerberos or NTLM |
| Device Compliance Policy | Platform-specific rules you configure and deploy to groups of users or devices; devices must meet these rules to be considered compliant |
| Delivery Optimization | Reliable HTTP downloader with a cloud-managed solution that allows Windows devices to download update packages from alternate sources, such as other devices on the network or a dedicated cache server, in addition to traditional Internet-based servers. |
| Microsoft Defender for Endpoint Plan 2 | Includes device discovery, device inventory, vulnerability management, threat analytics, automated investigation and response, advanced hunting, EDR and endpoint attack notifications |
| How long can updates be paused for an Update Ring? | 35 days |
| xperf | Command-line tool that is used to control tracing and process trace data for Windows performance analysis |
| Conditions (Conditional Access) | Uses signals such as risk, device platform, and location to make access decisions |
| User Experience Virtualization (UE-V) | Capture user-customized Windows and app settings and store them in a central location so that when a user signs in, their settings are applied to that session. |
| Windows Remote Management Certificate Authentication | Scheme in which the server authenticates a client identified by an X.509 certificate |
| Multi-App Kiosk | Device runs multiple apps using the Application User Model ID (AUMID) |
| Automated Device Enrollment (ADE) | Used for corporate owned devices that should be enrolled without requiring interaction from administrators; requires the Apple Business Manager or Apple School Manager, an Apple (.p7m) token and an MDM push certificate |
| What setting or feature must be turned off to install the Intune Connector for Active Directory? | Internet Explorer Enhanced Security Configuration |
| To what must an end user belong for an app protection policy to apply? | Security group in Microsoft 365 / Entra ID |
| Enroll with User Affinity | Associates a user to a device |
| Answer File Packages | Software updates, service packs, language packs and features that are applied to the image during the offline Servicing configuration pass |
| Hardware Hash | Contains details about a device such as the manufacturer, model, serial number, hard drive serial number, timestamp and other attributes |
| Single App, Full-Screen Kiosk | Device runs as a single user account and is locked into a browser or app; new apps cannot be opened |
| Dedicated Device (Android) | Single-purpose devices that may be used for digital signage, ticket printing, inventory management or other purposes |
| How do you enable monitoring in the Microsoft Deployment Toolkit? | Open the Deployment Share Properties, select the Monitoring tab, and select Enable monitoring for this deployment share. |
| Post OS Installation Task Sequence | MDT task sequence that runs actions after the operating system has been deployed; commonly used for server deployments |
| On an Android device, what is required to receive an app protection policy? | Intune Company Portal |
| Standard Server Task Sequence | Defines device attributes that should prevent devices from enrolling in Intune |
| Windows Performance Recorder (WPR) | Creates Event Tracing for Windows (ETW) recordings |
| container-tools | Module on Red Hat Enterprise Linux that contains the Podman Platform |
| ip_tables | Module in most Linux distributions required for Microsoft Tunnel; it automatically loads in most cases, but not in Red Hat Enterprise Linux |
| auditSystem, Configuration Pass | Processes unattended Windows Setup settings in system context in audit mode; must be started from sysprep |
| What environment must be correctly configured and enabled on a device for Windows Autopilot Reset to work? | Windows Recovery Environment (WinRE) |
| Device Firmware Configuration Interface (DFCI) | Enables Windows to pass management commands from Intune to UEFI on devices |
| How many enrollment profiles can exist per enrollment token? | 1,000 |
| From which email do compliance policies send email notifications if they are configured? | microsoft-noreply@microsoft.com |
| Compliance Policy, Error Code 65010 | Invalid datatype for the discovered setting |
| What Intune configuration will allow domain joins in a hybrid environment? | Configuration profile with the Domain Join template |
| WS-Management Protocol | SOAP-based, firewall-friendly protocol designed for systems to locate and exchange management information |
| Shared Device Mode | Feature of Entra ID that enables the building and deployment of apps that support frontline workers and educational scenarios that require shared Android and iOS devices |
| Sysprep and Capture Task Sequence | MDT task sequence that runs the Sysprep tool to capture an image of a reference device |
| If you use Conditional Access policies that require compliant devices, what cloud app must be excluded to allow Android devices to open a Chrome tab during enrollment? | Microsoft Intune cloud app |
| Volume Purchase Program (VPP) Token | Enables the acquisition of multiple licenses for use in an organization; can be synchronized with Intune to track license use |
| SkipUserOOBE (Unattend.xml) | Deprecated setting that should not be used |
| User-Driven Installation | Enables users to sign in to an Autopilot device to initiate the configuration process |
| Error Code 65009, Compliance Policy | Invalid .json for the discovered setting |
| Where can you configure compliance policy settings? | Endpoint security > Device compliance > Compliance policy settings |
| What is the maximum number of devices that can be specified in a device limit restriction setting? | 15 |
| What is required for a user-driven deployment to hybrid Entra ID join? | Configure the Intune Connector for Active Directory, which will join the device to the on-premises domain |
| App Protection Policy | Rules that ensure organizational data remains safe or contained in a managed app |
| Custom Task Sequence | MDT task sequence that is created by an administrator and has only one default action |
| What can a policy set contain? | Apps, app configuration policies, app protection policies, configuration profiles, compliance policies, deployment profiles, and enrollment status pages |
| What service is required on Android devices that will be enrolled in Intune? | Google Mobile Services (GMS) connectivity |
| What is the default HTTPS port for WinRM 2.0? | TCP 5986 |
| What is required for zero touch installation (ZTI) deployments? | Active Directory Domain Services, Configuration Manager, and the Microsoft Deployment Toolkit |
| Self-Deploying Mode (Windows Autopilot) | Configures a device with little to no user interaction; only supports Entra joined devices |
| Microsoft Tunnel | VPN gateway solution in Intune that runs in a Linux container and allows access to on-prem resources from iOS/iPadOS and Android devices using modern authentication and Conditional Access. |
| ODJConnectorBootstrapper.exe | Setup file for the Intune Connector for Active Directory |
| What licensing tier enables the use of Conditional Access? | Microsoft Entra ID P1 or P2 |
| How do you prevent a compliance policy from flagging a device as non-compliant because the System Account is identified as the signed in user? | Assign the compliance policy to a user group for devices that should be signed into with normal accounts. |
| windowsPE, Configuration Pass | Configures settings specific to WinPE in addition to settings that apply to installation |
| Standard Client Task Sequence | MDT task sequence that can create reference images or deploy clients |
| TrustedHosts (Windows Remote Management) | Remote computers that do not require authentication to connect; credential information may be sent to those devices. |
| Windows Performance Toolkit | Performance and monitoring tools that produce in-depth profiles of Windows operating systems and applications |
| What setting must be configured to enable the Intune Connector for Active Directory to join devices? | Delegated control over the organizational unit in which joined devices are placed |
| What is required for a user-driven deployment to Microsoft Entra ID? | Users must be allowed to join devices in Microsoft Entra ID's device settings |
| In the Microsoft Deployment Toolkit, how can you find the PowerShell commands that a given task uses? | Click "View Script" at the confirmation screen |
| Windows Remote Management | Manages hardware locally and remotely; WH protocol, Hardware diagnostics and control through baseboard management controllers, and a COM API and scripting objects that can be used to communicate remotely through the WS-Management Protocol |
| Basic Authentication, Windows Remote Management | Scheme in which the username and password are sent in clear text to the server or proxy |
| What role is necessary to install and set up the Intune Connector for Active Directory? | Global administrator OR Intune administrator |
| Components, Answer File | Contains all the components settings that are applied during Windows Setup; these are organized into various configuration passes |
| Microsoft Connected Cache Server | On-demand cache for content downloaded by Delivery Optimization; available for use with Configuration Manager |
| What is the maximum file size for an .intunewin file? | 8 GB |
| What command verifies that WinRE is enabled? | reagentc.exe /enable |
| Compliance status validity period, Intune Setting | Specifies the time frame in which devices must successfully report on all their received compliance policies; can range from 1 to 120 days |
| Endpoint Analytics | Provides insight to device performance, user experience, and other metrics from Intune-managed devices |
| How does Intune manage updates for Android devices? | Device restrictions configuration profile |
| Automated Device Enrollment Token | .p7m file that lets Intune sync information about ADE devices that are owned by an organization; it also allows Intune to upload enrollment profiles and assign them. |
| Deploy to VHD Client Task Sequence | MDT task sequence that is similar to the standard Client task sequence but also creates a virtual hard disk file on the target device and deploys the image to it |
| Lite Touch Installation (LTI) | Requires little infrastructure or user interaction and can be used to deploy Windows from a network share or physical media |
| Which two file formats are supported for importing a list of computers into the Windows Admin Center? | .txt and .csv |
| Selection Profile | MDT concept that provides a way to filter content in the Deployment Workbench |
| What two items are required for custom compliance settings? | PowerShell discovery script and JSON file with settings defined |
| How can a device contact an on-premises domain controller in a hybrid Entra ID join scenario? | Configure a VPN configuration profile in Microsoft Intune that contains any necessary certificates |
| generalize, Configuration Pass | Creates a Windows reference image that can be used throughout an organization; allows automation for all deployments by removing specific configuration data, e.g. hard-drive-specific settings and SIDs, from the image; must be started from sysprep |
| Lite Touch OEM Task Sequence | MDT task sequence that preloads operating system images on a device; typically used by hardware manufacturers |
| offlineServicing, Configuration Pass | Applies unattended Windows Setup settings to an offline Windows image |
| Mark devices with no compliance policy assigned as, Intune Setting | Determines how Intune treats devices not assigned a compliance policy; if set to compliant, devices with no policy are considered compliant while Not compliant considers them non-compliant |
| Authentication Strength, Conditional Access | Defines which authentication methods can be used to access a resource; configured in Entra ID |
| Kerberos Authentication (Windows Remote Management) | Scheme in which the client and server mutually authenticate by using this service's certificate |
| winrm.cmd | Command-line tool for system management implemented in a Visual Basic Scripting Edition file |
| How do you enable remote desktop on a Windows device? | Open System Properties, select the Remote tab, then toggle the option to Allow remote connections to this computer |
| WinRMRemoteWMIUsers__ (Windows Remote Management) | Local group created during setup that restricts remote access to any user that is not a member of either the local administration group or this group |
| Microsoft Defender for Endpoint Plan 1 | Includes attack surface reduction, manual response actions, centralized management, security reports and API access |
| Apple MDM Push Certificate | Required to manage iOS/iPadOS and macOS devices in Intune; must be renewed annually |
| Deployment Share | Folder on a server that is shared and contains all the setup files and scripts needed for the deployment solution; it is common to have two shares, one for reference images and one for deployment |
| How do you trigger a local Autopilot reset? | CTRL+WIN+R |
| Policy Set | Creates a bundle of references to already existing management entities that need to be identified, targeted, and monitored as a single conceptual unit |
| When conflicting assignments occur for an app installation in Intune, what takes precedence? | Device Assignments |
| Windows Assessment Toolkit | Determines the quality of a running operating system or a set of components with regard to performance, reliability and functionality. |
| Data Collection Rule (DCR) | Sets of instructions used with Azure Monitor to provide a consistent and centralized way to define and customize different data collection scenarios |
| Windows Admin Center Gateway Mode | Feature of the software that enables other devices to connect; only available on Windows Server |
| Windows Autopilot | Collection of technologies used to set up and preconfigure new devices; can be used to deploy Windows PCs or HoloLens 2 devices |
| Enrollment Status Page (ESP) | Displays the device's configuration progress; ensures the device is in an expected state before a user can access it. |
| When multiple app protection policies apply to the same device, what takes precedence? | The most restrictive setting, which would be block |
| SkipMachineOOBE (Unattend.xml) | Deprecated setting that should not be used |
| Enroll without User Affinity | Configures a shared device with no specific user |
| auditUser (Configuration Pass) | Processes unattended Windows Setup settings in user context in audit mode; runs after auditSystem and executes RunSynchronous and RunAsynchronous commands, which can run scripts, apps, or other executables |
| Volume Activation Management Tool (VAMT) | Automates and centrally manages the volume and retail-activation processes for Windows, Office and select other products |
| Compliance Policy Settings | Tenant-wide options that are similar to a built-in compliance policy that every device receives |
| DisableAutomaticReDeploymentCredentials Policy | Enables the use of local Windows Autopilot resets |
| How do you trigger a pre-provisioned deployment on a Windows Autopilot device? | Press the Windows key five times |
| Specialize (Configuration Pass) | Applies computer-specific information for the image to the device |
| Mixed-Licensing Scenario | Situation in which an organization uses a mixture of services from different subscriptions |
| For a Windows device to receive PowerShell commands remotely, what must be changed on the device's network? | The network must be set to Private or Domain unless the -SkipNetworkProfileCheck flag is toggled when enabling PSRemoting |
| Error code 65007 (Compliance Policy) | Script returned failure |
| Windows Autopilot Reset | Returns the device to a business-ready state, which allows a new user to sign in and work; does not support hybrid Entra-joined devices |
| What are the limitations of the Apple Configurator enrollment method? | The .csv file can only have 5,000 devices and the total number of devices already in Intune cannot exceed 75,000 |
| Are app protection policies dependent on an MDM solution? | No, they are independent because they protect apps even if the devices that install them are unmanaged and unenrolled. |
| Digest Authentication (Windows Remote Management) | Challenge-response scheme that uses a server-specified data string for the challenge; only the client computer can initiate this type of request, and when the server receives it, a token is returned that allows the client to pass a username and password hash |
| Error Code 65008 (Compliance Policy) | Setting missing in the script result |
| Compliance Policy | Protects organizational data by requiring users and devices to meet some requirements |
| When resetting devices, how can the existing start menu layout be retained? | Using a PowerShell script with a command-line utility such as dism |
| Near Field Communication (NFC) | Technology that enables nearby devices to connect and share data securely and wirelessly; can be used to enroll Android devices if a specially formatted tag is created |
| Temporary Access Pass (TAP) | Time-limited passcode that can be configured for single or multiple uses; enables users to sign in with passwordless authentication methods |
| Before Android devices can be enrolled into Intune, what task must be completed? | Connect Intune to the Managed Google Play Console |
| Tunnel for MAM | Extends the Microsoft Tunnel VPN Gateway to support devices that run Android or iOS that are not enrolled in Intune |
| How can an iOS/iPadOS device be directly enrolled without user affiliation or knowing the serial number? | Exporting the Apple Configurator profile, storing it on a USB drive, transferring it to the mobile device, then installing the profile |
| Intune Connector for Active Directory | Enables devices enrolled in the Windows Autopilot Deployment Program to join an on-premises Active Directory Domain Services environment |
| Microsoft Deployment Toolkit (MDT) | Unified collection of tools, processes, and guidance for automating desktop and server deployment |
| What permissions must be granted to the Configuration Manager service account in Active Directory? | Ability to create and delete computer objects in addition to reading, writing and modifying properties on the computer objects' organizational unit |
| Adoption Score | Provides visibility into where the organization is on its digital transformation journey, to help identify and enable improved experiences to reach its goals, and actions to update skills and systems to encourage a high level of quality work |
| For distributed computing environments, what technology is the best option for deploying Windows images? | DFS-R (Distributed File System - Replication), which provides central monitoring, bandwidth control, and a delta replication engine |
| Standard Client Upgrade Task Sequence | MDT task sequence that performs in-place upgrades to Windows 10 |
| What would be considered a phishing-resistant MFA method? | Physical security, such as FIDO2 |
| Enable-PSRemoting | PowerShell cmdlet that enables remote management; uses WS-Management technology and only needs to be enabled on devices that will receive commands |
| Pre-Provisioned Deployment | Splits the deployment process so that the time-consuming configuration steps are done by IT, partners, or OEMs while the end user only completes a few necessary settings and policies |
| Session Control (Conditional Access) | Enables limited experiences within certain cloud apps; can be used to limit sign-in frequency, browser session requirements, and more |
| What container technologies are supported for Microsoft Tunnel? | Docker and Podman |
| Grant Control (Conditional Access) | Enables access if the sign-in meets the appropriate criteria; can be used to enforce MFA, device compliance and other controls |
| winrm quickconfig | Starts WinRM service, sets startup type to automatic, configures listener for ports that send and receive WS-Management protocol messages, defines ICF exceptions and opens ports for HTTP/S; firewall exceptions only affect current user profile |
| oobeSystem (Configuration Pass) | Configures settings that are applied during the end-user first-boot experience |