Microsoft MD-102 Practice Test - Questions Answers, Page 10

Intune supported operating systems

Intune supports devices running the following operating systems (OS):

iOS

Android

Windows

macOS

Note: View the device compliance settings for the different device platforms:

Android device administrator

Android Enterprise

iOS

macOS

Windows Holographic for Business

Windows 8.1 and later

Windows 10/11

Reference: https://docs.microsoft.com/en-us/mem/intune/fundamentals/supported-devicesbrowsers

https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

You can use the Power BI Compliance app to load interactive, dynamically generated reports for your

Intune tenant. Additionally, you can load your tenant data in Power BI using the OData link. Intune provides connection settings to your tenant so that you can view the following sample reports and charts related to:

Devices

Enrollment

App protection policy

Compliance policy

Device configuration profiles

Software updates

Device inventory logs

Note: Load the data in Power BI using the OData link

With a client authenticated to Azure AD, the OData URL connects to the RESTful endpoint in the Data

Warehouse API that exposes the data model to your reporting client. Follow these instructions to use

Power BI Desktop to connect and create your own reports.

Sign in to the Microsoft Endpoint Manager admin center.

Select Reports > Intune Data warehouse > Data warehouse.

Retrieve the custom feed URL from the reporting blade, for example:

https://fef.{yourtenant}.manage.microsoft.com/ReportingService/DataWarehouseFEService/dates?api-version=v1.0

Open Power BI Desktop.

Choose File > Get Data. Select OData feed.

Choose Basic.

Type or paste the OData URL into the URL box.

Select OK.

If you have not authenticated to Azure AD for your tenant from the Power BI desktop client, type your credentials. To gain access to your data, you must authorize with Azure Active Directory (Azure AD) using OAuth 2.0.

Select Organizational account.

Type your username and password.

Select Sign In.

Select Connect.

Select Load.

Reference: https://docs.microsoft.com/en-us/mem/intune/developer/reports-proc-get-a-linkpowerbi

Box 1: Configuration profile

Create a trusted certificate profile.

Box 2: Trusted certificate

When using Intune to provision devices with certificates to access your corporate resources and network, use a trusted certificate profile to deploy the trusted root certificate to those devices.

Trusted root certificates establish a trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued.

Reference: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root

Common signals that Conditional Access can take in to account when making a policy decision include the following signals:

* User or group membership

Policies can be targeted to specific users and groups giving administrators fine-grained control over access.

* Device

Users with devices of specific platforms or marked with a specific state can be used when enforcing

Conditional Access policies.

Use filters for devices to target policies to specific devices like privileged access workstations.

* Etc.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview

User sign-in frequency

Sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.

The Azure Active Directory (Azure AD) default configuration for user sign-in frequency is a rolling window of 90 days.

Sign-in frequency control

Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.

Browse to Azure Active Directory > Security > Conditional Access.

Select New policy.

Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

Choose all required conditions for customer's environment, including the target cloud apps.

Under Access controls > Session.

Select Sign-in frequency.

Choose Periodic reauthentication and enter a value of hours or days or select Every time.

Save your policy.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howtoconditional-access-session-lifetime

Manage iOS/iPadOS software update policies in Intune, delay visibility of software updates.

When you use update policies for iOS, you might have need to delay visibility of an iOS software update. Reasons to delay visibility include:

Prevent users from updating the OS manually

To deploy an older update while preventing users from installing a more recent one

To delay visibility, deploy a device restriction template that configures the following settings:

Defer software updates = Yes

This doesn't affect any scheduled updates. It represents days before software updates are visible to end users after release.

Delay default visibility of software updates = 1 to 90

90 days is the maximum delay that Apple supports.

Reference: https://docs.microsoft.com/en-us/mem/intune/protect/software-updates-ios

Microsoft Defender for Endpoint – Important Service and Endpoint Settings You Should Configure

Right Now.

As a prerequisite, however, head to tenant administration > connectors and tokens > Microsoft

Defender for Endpoint and confirm the connection is enabled. You previously set this up in the advanced settings of Microsoft 365 Defender.

Reference: https://petri.com/microsoft-defender-for-endpoint-which-settings-configure-right-now/

Onboarding from the Endpoint analytics portal is required for Intune managed devices.

Reference: https://docs.microsoft.com/en-us/mem/analytics/enroll-intune