Top 75 Intune Interview Questions Intune Frequently Asked Questions - FAQ - #MSIntune

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hi hello this is anupi and in this video we are going to cover an interesting topic that is nothing but in tune interview questions we have covered this in a different video but I thought we should have a version 2 of InTune interview questions so a lot of people are moving away from sscm configuration manager to InTune and they have a lot of X sscm experience and they want to utilize that experience for InTune jobs there's no easy way to pass InTune interviews you need to have hands-on experience you need to have lab experience you need to have some test environments where we you should try out things in tune comes with different device device platform supports such as Windows iOS iPad OS Mac OS so the opportunities with intuners better than configuration manager or sscm so we will look into what is in tune look into InTune architecture in tune design and lot of interview questions so get into it now let's look into top 50 in tune interview questions what is In Tune In Tune architecture InTune design decisions we have videos about it but we will quickly cover it so that you will get some idea about what we are talking about right and that is going to help you in clearing in tune interviews what is in tune this is very very high level diagram of InTune if you want to go through it you can go through it but we have covered this in what is in tune video I will link that video to the description of this video so that you can watch it so basically in tune is connected with a lot of other systems within Microsoft and InTune does a lot of things like deployment updates protection of applications and devices etc etc and this is the high level architecture of InTune so in tune is hosted in Cloud Azure cloud and the entire infrastructure part is managed by Microsoft because it is SSR solution all these part this particular part is managed by Microsoft because infra from an infrastructure side because it is a SAS solution and it is it has integration with active directory conditional access all these authentications are based on Azure active directory and this is the device part right this is one device and there are different ways to connect to InTune service different parts of intuned services configure devices protect data manage app etc etc so you need to have this picture in your mind whenever somebody asks questions about InTune you should embed this picture into your mind okay so this is more deep level architecture of InTune and basically talking about how Microsoft built the server infrastructure for intunes our solution probably this is not important for your interview but if you want to have a understanding of InTune architecture server level architecture which is fully managed by Microsoft you can refer to one of our videos called in tune architecture so I will link that video also into this video so from my interview perspective it is not very very important these few things are important cloud-based micro service architecture InTune uses cloud-based micro service architecture and client server model versus cloud service model Etc the interview questions will always differ and in tune decision design decisions are for higher level jobs if you are part of if you are going to be part of design team you need to have a proper very deep understanding of in tune design decisions what are the appropriate questions you need to ask Etc so we are having a video series about all these topics so we have a video about design decisions and what are the high level things and then we discussed about platforms enrollment methods integration options and then security policies etc etc so we will cover most of this stuff in the future videos also so I will recommend you to refer those videos as well if you want to have a deep level understanding of InTune options and design decisions Etc now let's concentrate on InTune interview questions so let's go and check out in tune interview questions so this is a first question which we covered what does Microsoft InTune as I already mentioned InTune is a SAS solution provided by Microsoft what does what does sar solution SAR solution means the infrastructure side of things the server infrastructure and network are network architecture that is entirely managed by Microsoft you just need to log into web console and manage the solution for your organization or for your client so you don't need to worry about where to host the server where to host Network equipments and what are the network configurations you need to do etc etc so that is why it's called SAS solution so it is whenever you attend interviews it should be you should be clear about SAS solution and what does it use for it is a device management solution and devices there are different types of devices device platforms Etc and a lot of lot of details are available in here so who manages InTune version upgrades this is an interesting question and basically this is a SAS solution and SAS is nothing but software as a service and the InTune server infrastructure upgrades or updates are Microsoft's responsibility and InTune admin doesn't have to worry about those infra setup version upgrades Etc unlike configuration manager now let's look into benefits of using InTune first benefit is there's no hosting of infrastructure because you can have infrastructure in the cloud and that infrastructure is managed by Microsoft and it is integrated with latest and greatest security policies identity Solutions Etc from Microsoft and it can manage different variety of device platforms and like sscm or configuration manager iOS iPad OS Mac OS Linux Chrome Windows etc etc that is a real benefit of using Microsoft InTune and more details are available here is there any need for Server installation for InTune if you want to set up an InTune infrastructure for your organization do you need to have you do we need to order servers do you need to have server infrastructure in place no there's no need for that because we have covered in the previous questions that InTune SSR solution so server infrastructure is entirely managed by Microsoft but there are some server components required such as if you want to connect your pki infrastructure using the index connector for the skip certificate deployment Etc then you need to have some connectivity back to on-prem but in tune core services are hosted by Microsoft and managed by Microsoft so you don't need to do any server infrastructure design for InTune so we have already covered this what are the design decisions etc etc so I'm not going to cover that there are there are a lot of detailed information over here so this is this is interesting the Linux part is also added over here and now you can see the Chrome I also added over here chrome chrome management is also supported by InTune but it is not a pure management Chrome devices are managed by Google work workspace admin but in tune can have a visibility of those devices and perform some remote actions so this might be an additional question in your InTune interview that whether InTune supports Chrome so you need to be careful about that particular answer so where to check the InTune status the answer is straightforward in tune 10 and admin and InTune status Tab and there are different various different ways to get the status you can explain those details if you if you want version how to check the version of InTune that is an interesting question and you can check the version from the same node tenant Administration and check for service release number right that is where you can get the version number the latest version is 2301 while recording this video let's check what is device enrollment we have covered device enrollment in a different video in very detailed device enrollment is nothing but getting the devices into InTune management how to do that there are different various way to do that so you need to go through that video and understand and test it in your lab so there could be a lot of questions related to this how the enrollment Works what are the things you need to take care for the enrollment like license etc etc so there are a lot of prerequisites I always get this question in tune supports server operating systems or not no is the answer because InTune is an endpoint device management solution at the moment and it supports only the endpoint devices so even Linux devices Linux desktop devices are supported not the server devices server OS is not supported but the catch's multi-session for avd scenario is supported Windows 10 Windows 11 multisation is supported so basically when people ask this question this is similar to enrollment question how to enroll into InTune user onboarding is also an important question because for in tune management you need to have a Azure ad identity user needs to have a Azure identity so that is important and in tune license these are the prerequisites which I mentioned about in the previous question so you need to take care of all these things when you answer your interview questions we have explained different ways for InTune enrollment on onboarding etc etc does InTune admin have an option to go back to previous version well since this is a SAS solution I don't think there would be an option to go back to the previous version of in tune but this in tune is based on microservice architecture so that Microsoft can easily fix any bugs they have so you need to be very careful about answering these types of questions this can be a bit tricky at times so be careful when you answer these types of interview questions is there something called discoveries in InTune similar to sscm they want to trick you with this kind of questions so the tight integration you need to talk about tight integration so the user identities and device identities are already there in Azure active directory and it will be available in InTune as well this is an interesting question do we have collections in InTune or groups in InTune yes groups are there but those are part of azure active directory Azure active directory groups are there but not in tune groups InTune specific groups are not there and even collections collection concept is not their collection concept was only for sscm InTune leverages Azure active directory groups user groups or device groups for application or policy deployments and it's an interesting point filtering rules in tune filtering rules that is that is better option to cover the complex deployment scenarios in InTune so maybe people will ask about what does filtering rules in tune filtering rules so you need to answer those types of questions appropriately then there would be questions like Auto enrollment what does Auto enrollment if the device is joined to Azure active directory that will automatically get enrolled into in tune so there's an option in in tune portal as well as in Azure active directory portal to configure this what does InTune autopilot is it going to replace OSD the answer is no it is not going to replace OSD OSD is a different methodology and windows autopilot is here to solve some other issues not OSD Windows autopilot is not the service that provides OS deployment Solutions this cannot deploy any operating system to Windows devices and this is the definition for autopilot if you are looking for one autopilot works on top of new operating system install installed on a device to simplify the first logon user experience so we have covered these types of scenarios in our enrollment guide so probably you can refer those to to have better understanding I mean enrollment videos how to onboard devices into autopilot so there would be lot of autopilot related questions so you need to be very thorough with Windows autopilot people will ask a lot of OSD questions in sscm interviews similar to that there are chances that the interviewer will ask lot of questions about autopilot so be ready with those answers how do we check the autopilot sync status if you go to InTune portal you can see devices enrolled devices and windows enrollment windows in Windows enrollment you have an option called Windows autopilot deployment program from there you can check the sync status of autopilot this is an interesting question so maybe there would be different types of questions related to this what does tenant attach what does Co management what is the difference between tenant attached and Co management so co-management is nothing but there are different device management solutions from Microsoft like sscm and InTune if you are managing a particular Windows device with two device Management Solutions like InTune and sscm that is what co-management is what does cloud attach or what is tenant attach Cloud attach and tenant attach are same because Microsoft renamed it sscm Cloud attaches a feature to sync SSM devices with InTune so that that in tune admin can do some remote activities without connecting to sscm console so they can use InTune portal itself and do some Remote Management of sscm managed devices but co-management is entirely different and this is where you can check the sync status of the Cloud attach go to tenant Administration in in tune portal and go to connectors and token click on endpoint Microsoft endpoint configuration manager this is this change now it is Microsoft Configuration manager now so that is where you can check the status sscm Cloud attach sync sscm database this is an interesting tricky question no it won't sync sscm database with InTune database no it is syncing the devices and having some features for admins helped us to have some remote actions on sscm managed clients what are the remote as available in InTune there's something called remote help that is introduced recently by Microsoft so this is an extra feature you need to pay some extra license for this particular feature and before that there was some TeamViewer integration for the remote assistance with InTune and for InTune managed devices as you can see over here okay this is a wide topic we have covered this in a different video what are the security policy creation options and what are the best methods etc etc settings catalog administrative templates admx templates custom admx and then template options for iOS Android devices and Mac OS devices etc etc so this is a very very wide topic you need to go through those videos to get more more details before going into interviews explain the patch mechanism in InTune this is an interesting question an InTune is integrated with Windows update for business not with wsus the patch mechanism patch deployment mechanism and patching is a different beast in in tune all together so you can see all the details over here you don't need to create monthly patch Packages Etc you need to configure the policies with the options when you want to deploy the patches how many days you want to wait before before patches getting deployed to devices and what would be the end user experience on the patch deployment when you should provide a notification or reminder to the end users Etc all those things can be configured from InTune policies and then Windows update for business service will take a look into that policy and act accordingly so that is a very high level patching mechanism from InTune site you need to be very thorough with this also Windows Auto patch what does Windows Auto patch Auto patch is a new service introduced by Microsoft and this is to make admins life more easy in tune or Auto pad service will automatically deploy the patches to different types of devices and it will tell select the devices automatically and it will create a ring and deploy it automatically so you don't need to worry about all the pilot testing and feedback etc etc you need to be very accurate in this answer about this particular question so mainly these questions are windows related questions but you can have similar questions for iOS Mac OS Android devices as well how do we do third-party patching in InTune so at the moment there's no native Solutions available while creating this video but there are third-party patch Solutions such as adaptiva patch my PC manage engine etc etc yes there are DLP Solutions available DLP policies app policies app protection policies and mainly these are used for iOS Android devices and and it is it is very popular types of policies for those types of device platforms it's a tricky question can InTune product app data without managing the device yes in tune can that is what mam is the InTune doesn't need to manage the device but in tune will manage the data for your managed application so there is a lot of manage in that if if your application is mam enabled then InTune would be able to manage the application data flow with mam policies in tune up protection policies as we discussed already can we assign InTune app protection policies to Azure Active Directory Group okay you can that's that's that's basically possible we are not managing the devices in this scenario we are managing the applications so it is better to use user groups Azure ID user groups for these types of policies app protection policies and this is a similar kind of question enroll devices into InTune as mandatory for Mam Mam InTune app protection policies no it is not can you automatically migrate on-prem Active Directory Group Policy settings to InTune Cloud policies yes there's something called Group Policy analytics you can use that and import stuff analyze and then you can create the policies that is very well possible see export import analyze migrate those are the steps you need to follow how to check InTune policies on a particular device well there are different methods but I would recommend to go into troubleshooting blade and go through all those details to easily check the policy deployment status and for Windows devices you can follow these steps for troubleshooting also you need to follow these things so how do we troubleshoot in tune in a Windows device so you need to troubleshoot from event logs if it is policy deployment registry also you can check and if it is a win32 application deployment or InTune management extension kind of deployment you need to use different log files for that okay for Android iOS Mac OS what we need to do you need to use the company portal and collect the logs and check those logs that is the method of troubleshooting application deployment types there are various application deployment types available as you can see over here store application Microsoft 365 applications etc etc lot of applications for different device platforms available so you need to be very well versed with the platform which you are going to support what are the various options for troubleshooting in tune managed application well you need to start from the troubleshooting blade in InTune portal and then you can use this method to troubleshoot further and sometimes you can collect the logs from the company portal and then troubleshoot accordingly this needs some hands-on experience to answer these types of questions then otherwise this is a starting point where to find Windows 10 Windows 11 event logs we already covered that in the previous question this is the place where you can get all the windows event logs for InTune and MDM what does InTune diagnostic report diagnostic reporters basically collection of all the logs all the information what you need to troubleshoot an InTune issue for Windows devices you can get all those details from here etc etc and you can collect the diagnostic logs from intuned Portal also so there there could be various questions related to this topic so you need to be very careful answering these and this is important InTune has any client agent we need to manually install or it will get automatically installed what are the types of client agents in tune will have so in tune uses default MDM stack which is available out of box in all the Windows operating systems Windows 10 Windows 11 Etc so that is the pure MDM part of client so with that there are some limitations you won't be able to deploy complex applications there are some limitations with that MDM stack in within the OS so what Microsoft did is Microsoft developed an additional in tune agent and automatically deployed it to all the windows devices to support the complex application deployment scenarios and a Powershell script deployment scenarios and Remediation kind of scenarios Etc and to collect some reporting data from InTune all these things into Union uses ime ime is nothing but in tune management extension and this is an additional in tune client agent on Windows 10 Windows 11 devices there are two types of client agents available for InTune okay as I mentioned before now let's look into the next question where are the ime logs stored on Windows devices okay this is an interesting question we talked about additional agent and now we are talking about troubleshooting Etc how we can find the logs related to Powershell deployment remediation script in tune in kind of application deployments Etc so this is the location program data Microsoft InTune management extension logs you have an option to copy the logs export the logs over here from settings accounts access school or work then click on export your management log files that's interesting now this is to understand probably have you done any a real world troubleshooting with in tune complex application deployment ime Etc what does this log for agent executor.lock this helps to troubleshoot Powershell script and proactive remediation script deployments onto Windows 10 and windows 11 devices so logs are available here so this is a very good question this will help interviewer to understand okay you know the things you know how to troubleshoot Powershell script and proactive remediation script deployments this is interesting as well because we are talking about IMA logs and this is another ime log to check the health of ime health and Remediation actions related to InTune management extension on Windows 11 and Windows 10 clients we have covered some part of it in the previous question but this is basically how to collect the logs and what does it use for ETC MDM Diagnostics is a command line tool that collects MDM and windows autopilot related logs and events from Windows client operating system it is not for other type of device platforms most Windows autopilot related events Registries and logs are Consolidated into single folder or single file and this is the tool we are talking about registry dump for autopilot devices the interviewer probably trying to understand are you well-versed in autopilot troubleshooting so then in that case they will ask okay what does registry dump how that is going to help you in autopilot troubleshooting okay this is the registry file term and it it provides all the details from this location and that is going to help in autopilot autopilot troubleshooting scenarios how does InTune give users a self-service experience probably from company portal sometimes or probably from I don't know enrollment scenarios some of the enrollment scenarios are user initiated company portal installation is itself is a enrollment scenario that is self-service enrollment so this is company portal application and you can go to my apps so these are the self-service options which in tune provides as part of the solution lot of details are there if they ask what is the single portal experience Etc you would be able to tell from this answer if you want to spend more time and read the answers then post the video and read it in tune patch reporting options recently Microsoft released a Windows update for business reports patching reports this is to reduce the noise from the community that there's very less details in the patching reports we need more details etc etc so that is why Microsoft worked on a patching report for InTune admins and Enterprises and they have produced holistic view of patch deployments and Patch complaints for the Enterprise customers if you if you mention about the latest things which Microsoft is releasing the then the confidence on you will get increased for interviewer all these Cloud Solutions we need to be up to date always every day or every week something is getting released and something is getting updated so that is a good sign you know that okay there's a new report default report available to get a holistic view of patching so you don't need to build a complex dashboard using log analytics Etc how to sync InTune service or server side logs to Azure log analytics workspace basically it is asking how we can get in tune platform logs stored in log analytics so there's a diagnostic settings and you can use that diagnostic settings to connect with log analytics workspace once the InTune diagnostic setting is connected to log analytics workspace then you will get all the platform related logs in tune platform related logs and you can query those with kql queries Etc that is the next question what does kql queries and how is that going to help in tune admins kql queries sometimes it is going to help you to troubleshoot sometimes it is going to help you to create dashboards custom dashboards so kql queries are very important if you are sending data to log analytics and you want to check what is there in log analytics Etc there are some sample kql queries available here you can pause it and read it and try to understand it what is the maximum InTune win32 app size which we can upload using in tune win format 8GB is the supported size but you know there's an option to increase the supported size by raising a service request with InTune support team there are some limitations for managed Google Play application uploads for fully managed Android devices as well so that is I think you can upload only 100 megabytes of APK file the maximum supported size is that but that is from Google's side that limitation is from Google's side this is valid question for many scenarios there are something called InTune policy conflicts probably you will get a question something like what does in tune policy conflicts and how to manage it how to remove the conflict so the answers are here some types of in tune policy conflicts are automatically fixed using InTune service side logic but some types you need to manually fix it so more details are available here and this is important for troubleshooting scenarios so what is conflict policy conflict policy conflict is nothing but if an admin is trying to push a profile setting a profile setting with two different values for example one profile setting has value one and the other profile setting has value zero then that is going to create a conflict when applying those policies on the client side because server is asking client to configure same policy settings with different values so that is going to create policy conflict in InTune yeah we talked about filtering rules now let's talk about filtering rules what would be the interview questions related to filtering rules what you prefer filtering rules or Azure ID groups it depends right what is your requirement filtering rules are not available for all the scenarios at the moment you need to rely on Azure ID groups as well as filtering rules maybe in future everything will be all the attributes will be available through filtering rules then probably you can deploy all the policies all the applications to all user groups or or all device groups then use the filtering rules to exclude or include some devices or some uses so that is the future of filtering rules at the moment we need to use both in my experience and this is very important to highlight two interviewers so that he will get better idea about you and your experience in in tune that is the SLA for Azure ad Dynamic group update is 24 hours from Microsoft normally it is not necessary to have 24 hours to update the dynamic groups but you cannot raise any tickets if that group is not updated within less than 24 hours so that is where filtering rules also going to help you we also provided detailed information because filtering rules sit with InTune service layout it is tightly very very tightly integrated with other components of InTune and it is easy to manage enhance security poster for InTune managed devices how to do that we can use different methods Azure ID conditional access is one of the method this is a wide question and you need to be very careful when answering this you can say okay there would be security standards in each and or every organization there would be benchmarks followed by each organization or security teams in the organization I have seen many organizations using CIS Benchmark for example CIS Benchmark can increase or enhance the security poster of InTune managed devices and you can add all these things as well complaints policies conditional access policies etc etc this is Cap profile certificate deployment this is a complex topic you can deploy pki certificates to In Tune using the ndesk connector and Skip profiles etc etc and there is a different protocol you can use that is PK CS so I talked about a tip tips and tricks to crack in tune interview in a different video I will attach that video to this video and it will be available in the description of the video as well so you can refer to that hopefully these 50 questions are going to help you we discussed actually we discussed more than 50 questions in this video because each and every question can have various different two or three questions so maybe we already discussed 75 in tune interview questions latest 75 InTune interview questions or more than that all the best for your interview in tune interview now you have seen a lot of InTune interview questions hopefully this was very helpful thank you all for watching and see you next time [Music]

Info

Channel: HTMD Community

Views: 8,680

Rating: undefined out of 5

Keywords: SCCM, Intune, Windows 11, AVD, Cloud PC, Windows 10, Top Intune Interview Questions, Top Intune FAQs, 75 Intune Interview Questions, How to Crack Intune Interview, What is Intune?, What are Filtering Rules in Intune, What are Filtering Rules in Intune?, How to prepare for Intune Interviews?, What is going to be asked in Intune Interviews?, Who manages Intune Version Upgrades?, Are you familiar with AgentExcutor.log and What is it used for?, ClientHealth

Id: nsRlHed4mhg

Channel Id: undefined

Length: 41min 4sec (2464 seconds)

Published: Fri Feb 10 2023