Now it’s time to look into the Top 75 Latest Intune Interview Questions. This is my second blog post in the HTMD community. I prepared this Intune questionnaire with the help of Deb and Anoop. You can also check the HTMD.Training.com videos to learn more about the latest Intune features.
These Intune Interview questions must be treated as Intune FAQs or Frequently Asked Questions. You will get all the details if you go through the questions and associated links in each question. We have added the Intune scenario-based questions as well.
I have shared the Top 50 latest SCCM interview questions and answers in this post. We have an SCCM Vs. Intune Jobs post in the HTMD community, and that post inspired me to share this Intune question bank to help you crack Intune interviews.
Intune hands-on experience is mandatory for all job assignments. I don’t think you can just learn these questions and crack the interviews. You should take an Azure subscription and test all the configurations and settings explained below. If you are new to Azure, you get a 30-day trial period in which you can explore all the features.
I don’t think you could crack an Intune interview just by learning the interview questions, and that is not the intention of sharing this content with the HTMD community. The interviewer will be trying to analyze your technical knowledge, problem-solving, and analytical skills with these Intune interview questions.
So don’t try to answer all the questions as if memorized from a textbook. You will be able to answer them from the relevant experience you have with Intune administration. Most interviewers are not looking for textbook answers; the concepts are what matter.
Free Intune Training | Free SCCM Training
---|---
The latest Intune training is carefully designed for self-study: Intune Training Course 2023. | 37 hours of SCCM training with the latest technical content
Video Review of Intune Interview Questions
Let’s also check the video review done by Anoop on this Intune interview questions post. The video gives deep-level details on the Top 75 Intune Interview Questions (Intune Frequently Asked Questions, FAQ).
The first video is a review of the Intune interview questions and answers. It covers many scenarios, such as Incident Management, Change Management, and Problem Management for Microsoft Intune support.
Top 50 Latest Intune Interview Questions and Answers
Let’s go through the latest Intune interview questions and answers in the section below. I hope these questions are helpful. Let us know if you would like to add more details to any of the answers.
I don’t think an Intune admin can be an expert in all the device platforms at the same time. Hence, concentrate on one of the platforms during Intune interviews and tell the interviewer honestly about this.
-
What is Microsoft Intune?
Microsoft Intune is a SaaS (Software as a Service) solution provided by Microsoft. It is a cloud-based service for managing desktops and mobile devices.
Microsoft Intune was previously known as Windows Intune. It’s part of Microsoft’s Unified Endpoint Management (UEM) solution.
This cloud solution is used as a modern management tool. This Mobile Device Management (MDM) solution can be integrated with SCCM, Azure AD, and on-prem Active Directory.
Intune allows people in your organization to use their personal devices by adding a work or school account (Settings -> Accounts -> Access work or school). Intune protects your organizational data and isolates it from personal data on the device.
-
Who manages Intune Version Upgrades?
Intune is a Software as a Service (aka SaaS) solution. Intune server infrastructure upgrade or update is Microsoft’s responsibility.
Intune admin doesn’t have to worry about infrastructure setup, version upgrades, etc. Microsoft engineers manage these.
-
What are the benefits of Using Intune?
Tight integration with the existing Microsoft ecosystem is one of the top benefits of Intune. Some of the other benefits of using Intune are as follows:
1. Deploy apps, security policies, and more.
2. Check whether apps and devices meet your security standards.
3. Control how people access and share data to keep company data safe.
4. Keep data safe by enforcing the administrator’s device registration and compliance requirements.
-
Is there any need for server installation for Intune?
Unlike on-prem solutions, no server infrastructure is required for Intune to function. Microsoft manages all the server infrastructure and architecture since Intune is a SaaS solution.
However, on-prem server infrastructure might be needed to host some additional components, such as the Intune Certificate Connector (with an NDES server for SCEP) for certificate profile deployment. But these are connectors to your on-prem services, not core Intune components.
-
What are the Intune Architecture and Design Decisions?
The answer to this Intune interview question is a bit tricky, so be careful before answering. Let me explain how this question can be handled.
Intune has a server and client architecture like most device management solutions. The Intune service is the server side of the solution. The client side has two parts:
1. Windows MDM client (built into the OS)
2. Intune Management Extension (IME) agent
Intune (cloud) architecture and design decisions are very different from on-prem device management solutions like SCCM. Intune architecture and design decisions should be made from a SaaS solution point of view.
1. No decisions are needed on Intune server placement and architecture for the core Intune infra components. Microsoft takes care of this; the service runs in Azure datacenters in each region.
2. Architecture decisions must be taken on network connectivity to Intune services from on-prem and the internet. For instance – Endpoint devices connecting from on-prem network to cloud, Admins connecting from On-prem network to Intune services.
Organizations might require a special enrollment network just to enroll the new and existing devices into Intune management using Windows Autopilot/ADE.
3. Design Decisions must be made on supported enrollment scenarios for the organization. For example: Whether you want to support Apple ADE, Android Device Admin, or Windows Autopilot types of enrollments only?
4. Design Decisions on Applications, Policies, Windows Updates, 3rd Party App updates, and Certificate deployment strategies using Intune. Packaging (MSIX) and repackaging (IntuneWin) strategies, etc.
5. The content distribution strategies with Delivery Optimization(aka DO) for on-prem and home network scenarios. Also, define the device management life cycle with Intune.
6. Attaching Intune with existing ecosystems, such as ServiceNow, SCCM, etc., is also a key design decision. More on this Architecture Decision Making Guide for 2022 or Later.
-
What types of devices can be managed with Intune?
The list of device platforms with Intune support is increasing day by day. The device platforms that can be enrolled are as follows:
1. Windows
2. Android
3. iOS/iPadOS
4. macOS
5. Linux
-
Where to check the status of Intune service?
The current status of the Intune service can be checked from Tenant administration -> Tenant status (Service health and message center tab) in the Intune admin center.
-
Where can you check Intune Version Details?
You can check the Intune version details from the Intune admin center.
Log in to the Intune admin center -> Tenant administration -> Tenant status -> Tenant details, and check the Service release number.
The Intune version or service release number is in YYMM format. The latest version while writing this post was 2207.
-
What is Device Enrollment in Intune context?
Device enrollment is the process of joining workstations and mobile devices to the company’s MDM solution, in this case Intune.
There are different kinds of enrollment processes. The enrollment process differs for each device platform, and so do the configuration and the user experience.
An MDM device certificate is issued to the device during the enrollment process. This certificate is used to authenticate the device to the Intune service on every check-in.
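The following is an added example (not from the original post) that shows how to verify on a Windows 10/11 device that the enrollment described above actually happened: it finds the Intune enrollment record in the registry (Intune registers with ProviderID "MS DM Server"), lists the MDM device certificate issued by "Microsoft Intune MDM Device CA", and pulls the relevant fields from dsregcmd /status. It assumes it runs in an elevated PowerShell session on the device being checked.

```powershell
# Added example, not from the original post: confirm a Windows device's Intune enrollment.
# Assumes an elevated PowerShell session on an enrolled Windows 10/11 device.

function Get-IntuneEnrollment {
    # One subkey per enrollment under HKLM\SOFTWARE\Microsoft\Enrollments; the Intune one
    # carries ProviderID "MS DM Server" (other subkeys like Context/Status are skipped).
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.ProviderID -eq 'MS DM Server') {
                [pscustomobject]@{
                    EnrollmentId   = $_.PSChildName
                    EnrollmentType = $p.EnrollmentType
                    Upn            = $p.UPN
                    DiscoveryUrl   = $p.DiscoveryServiceFullURL
                    CertThumbprint = $p.DMPCertThumbprint   # thumbprint of the MDM device certificate
                }
            }
        }
}

function Get-IntuneMdmCertificate {
    # The device certificate issued at enrollment lives in LocalMachine\My and is
    # issued by "Microsoft Intune MDM Device CA". It is what authenticates the device to Intune.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -like '*Microsoft Intune MDM Device CA*' } |
        Select-Object Subject, Thumbprint, NotBefore, NotAfter
}

function Get-DsregState {
    # dsregcmd /status prints "Name : Value" lines; keep the ones that matter for enrollment.
    $wanted = 'AzureAdJoined', 'DomainJoined', 'DeviceId', 'TenantName', 'MdmUrl'
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$state
}

$enrollment = Get-IntuneEnrollment
if (-not $enrollment) { Write-Warning 'No Intune (MS DM Server) enrollment found on this device.' }
$enrollment              | Format-List
Get-IntuneMdmCertificate | Format-List
Get-DsregState           | Format-List
```

If the enrollment record exists but no certificate matches the thumbprint, the device will fail to check in even though the Intune admin center still shows it; that mismatch is the first thing to look for before re-enrolling.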
-
Can we manage Server Operating System with Intune?
No, Intune is an endpoint device management solution and is not designed for server management. I don’t see server support coming to Intune soon.
But Intune does support VDI workloads hosted on Windows 10/11 Enterprise multi-session (which is close to a server OS).
-
What are the options to onboard users and devices to Intune?
Again, this is one of the tricky Intune interview questions because the question itself is not clear. Don’t hesitate to ask for clarification if needed.
You can talk about user onboarding prerequisites such as:
1. The user must have an Azure AD identity.
2. The user must have an Intune license (and Azure AD P1 if Conditional Access is used).
Also, answer the device onboarding part of the question with the following options:
1. Co-management is one of the options to onboard existing SCCM-managed Windows devices to Intune.
2. Windows Autopilot is another option to onboard new devices to Intune.
3. Automatic enrollment is the onboarding process for Azure AD joined Windows devices.
4. Group Policy-based MDM enrollment is another option to onboard Hybrid Azure AD joined devices to Intune.
5. Apple and Android devices can be enrolled using the different methods supported by Apple and Android respectively. Personal device enrollment is different from company-owned device enrollment.
-
Does Intune admin have an option to go back to the previous version?
SaaS solutions don’t work this way. You must use the current production version of the service and the portal. There is no option to go back to a previous version of the Microsoft Intune service.
So the answer is no: there is no going back once you receive the latest version of Intune. This applies to the Intune admin center as well.
-
How do the User, Device, and Group Discoveries work in Intune?
For a SaaS solution like Intune, there is no discovery step for users, devices, and groups. This is because the solution is tightly integrated with Azure AD device, user, and group identities.
1. Intune doesn’t have its own user and group objects; it directly uses Azure AD users and groups.
2. Intune takes the device identity from Azure AD as well, but the Intune service holds its own device objects, which are tightly linked to the Azure AD device objects.
-
What are the concepts of collections and groups in Intune?
There is nothing called an Intune collection, unlike SCCM collections. There are no separate group objects available for Intune either; Intune uses Azure AD groups (user and device). There were dedicated Intune groups during the Intune Silverlight portal timeframe.
But there is a concept related to collections in Intune, and that is Intune filters (filtering rules). This is similar to the collection concept in SCCM. Filters narrow down which devices in an assigned Azure AD group actually receive an application or policy, using include or exclude rules on device properties.
The other deployment targeting options use Azure AD groups as follows:
a) Assigned/static user AAD groups
b) Assigned/static device AAD groups
c) Dynamic user AAD groups
d) Dynamic device AAD groups
-
What is Windows Auto Enrollment?
You can configure MDM automatic enrollment (the MDM user scope under Devices -> Enroll devices -> Windows enrollment -> Automatic Enrollment, which is the Azure AD Mobility (MDM and MAM) setting) so that Windows devices automatically enroll into Intune management when they join or register with Azure Active Directory.
This is a common capability Azure AD provides for all MDM providers (Intune, Workspace ONE/AirWatch, etc.). Auto-enrollment helps to manage enterprise data on your employees’ Windows devices.
-
What is Windows Autopilot? Is it a Replacement for SCCM OSD?
Windows Autopilot is a cloud service that Microsoft provides as part of the Endpoint Manager solution to simplify the Windows Out-of-Box Experience (OOBE).
Windows Autopilot is not an OS deployment solution. This service cannot deploy an operating system to Windows devices.
Autopilot works on top of an operating system already installed on a device to simplify the first sign-in experience (OOBE): it joins the device to Azure AD, enrolls it in Intune, and applies the assigned profiles. You still need a different solution to rebuild the operating system of a device.
-
How to Onboard Devices into Windows Autopilot?
There are three different ways to onboard devices into Windows Autopilot:
1. Collect the device hardware hash, upload it (as a CSV) to the Autopilot service, and assign a deployment profile.
2. Ask the hardware vendor (OEM or reseller) to register the new devices with the Autopilot service as part of the purchase process.
3. Use the “Convert all targeted devices to Autopilot” option in the deployment profile if the devices are already Intune-managed.
The next time a registered device goes through the Windows Out-of-Box Experience (OOBE), it will run the assigned Autopilot scenario.
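As an added example for option 1 above (this is not code from the original post or from Microsoft), the script below gathers the hardware hash from the MDM bridge WMI class, which is the same source the community Get-WindowsAutopilotInfo script reads, and writes the unquoted CSV that Devices -> Enroll devices -> Windows enrollment -> Devices -> Import accepts. It assumes an elevated session on the device; the output path C:\HWID\AutopilotHWID.csv and the group tag value are assumptions for the demo.

```powershell
# Added example, not from the original post: build the Autopilot registration CSV for one device.
# Assumes an elevated PowerShell session; output path and group tag are placeholder values.

function Get-AutopilotHardwareInfo {
    param([string]$GroupTag = '')
    # DeviceHardwareData in MDM_DevDetail_Ext01 is the 4K hardware hash Autopilot identifies the device by
    $devDetail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName 'MDM_DevDetail_Ext01' `
                    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    if (-not $devDetail) { throw 'MDM_DevDetail_Ext01 is not readable; run this in an elevated session.' }

    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    [pscustomobject]@{
        'Device Serial Number' = $serial
        'Windows Product ID'   = ''                           # optional column, left blank
        'Hardware Hash'        = $devDetail.DeviceHardwareData
        'Group Tag'            = $GroupTag                    # optional; useful for dynamic device groups
    }
}

function Export-AutopilotCsv {
    param([Parameter(Mandatory)][string]$Path, [string]$GroupTag = '')
    $row = Get-AutopilotHardwareInfo -GroupTag $GroupTag
    New-Item -ItemType Directory -Path (Split-Path -Parent $Path) -Force | Out-Null
    # The Intune import expects plain CSV with exactly these headers and no quoting
    $row | ConvertTo-Csv -NoTypeInformation |
        ForEach-Object { $_ -replace '"', '' } |
        Set-Content -Path $Path -Encoding ASCII
    $row
}

$info = Export-AutopilotCsv -Path 'C:\HWID\AutopilotHWID.csv' -GroupTag 'Kiosk'   # assumed values
'Serial {0}: hardware hash is {1} characters long' -f $info.'Device Serial Number', $info.'Hardware Hash'.Length
```

Several devices can be appended to the same file before uploading; the admin center rejects the file if a header is misspelled or if the hash is wrapped in quotes, which is why the quotes are stripped.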
-
Where can you Check the Windows Autopilot Sync status with Intune Service?
Log in to the Intune admin center and navigate to:
1. Devices -> Enroll devices -> Windows enrollment
2. Under the section called “Windows Autopilot Deployment Program”, click Devices to check the sync status between Windows Autopilot and Intune.
The last sync request and the last successful sync are the two timestamps that show you the state of the sync. You can also initiate a manual sync between Intune and the Autopilot service.
-
Where can you check the SCCM and Intune Sync? Cloud Attach Status?
SCCM Cloud Attach (tenant attach) is the feature that syncs SCCM devices to Intune so that the helpdesk and other teams can see and act on those devices from the Intune admin center.
You can also run remote actions for SCCM clients from the Intune admin center. Follow these steps to check the SCCM Cloud Attach sync status with Intune:
1. Log in to the Intune admin center -> navigate to Tenant administration
2. Click on the tab Connectors and tokens -> click Microsoft Endpoint Configuration Manager
This is where you can check the SCCM and Intune sync: the connection status (Healthy) and last successful sync time, along with details such as the name of the SCCM server, site code, site full version, site mode, and support ID.
-
Does SCCM Cloud Attach sync the SCCM DB with Intune?
SCCM Cloud Attach is an on-demand connected architecture. No, Microsoft does not replicate the entire SCCM database to the Intune service; device records are uploaded to the cloud and actions are relayed back to the on-prem site.
-
What are the Remote Assistance options available for Intune Managed devices?
Some remote assistance options are available within the Intune admin center. Microsoft’s own remote assistance solution is called Remote Help, which comes with tight integration with Intune and Azure AD.
Remote Help is not part of the base Intune service or license; it has an additional licensing requirement.
TeamViewer is another remote assistance solution integrated into the Intune admin center. An additional license is required for this solution as well.
-
Which is the Recommended method to create Intune Policies?
This is another tricky Intune interview question because the real answer is “it depends.” In Intune, there are different methods to create policies.
Security-focused policies should be created from the Endpoint security node, where you can create and manage policies such as Antivirus, Disk encryption, Firewall, Attack surface reduction, etc.
Other device configuration policies should be created using the Settings catalog workflow, which supports Windows, iOS/iPadOS, and macOS. Templates and custom OMA-URI profiles remain for settings the catalog does not yet cover.
-
Explain the patching mechanism in Intune.
Intune patching is entirely based on the Windows Update for Business (WUfB) mechanism. You don’t need WSUS server infrastructure for Intune patching to work. Patching with Intune is straightforward and less complex than patching with SCCM.
You don’t need to pick and create monthly patch packages in Intune. You just need to create feature update and update ring (quality update) policies. There is also an option to expedite a specific quality update using the “Quality updates for Windows 10 and later” option.
These policies tell the clients how and when to scan against the Windows Update service in the cloud and install what is offered. On the client side, the patching process is handled by the Windows Update Agent (WUA).
-
What is a Windows Autopatch patching mechanism? How is it different from the normal WUfB patching method?
Windows Autopatch is a service that Microsoft introduced to make the IT admin’s life much easier. It is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates.
The Windows Autopatch license is not included in the Intune license, so you need to purchase additional licenses if you don’t already have the appropriate ones. Windows Autopatch automatically manages the following deployment rings:
1. Modern Workplace Devices – Test
2. Modern Workplace Devices – First
3. Modern Workplace Devices – Fast
4. Modern Workplace Devices – Broad
-
What is the third-party application patching solution for Intune?
A native Intune third-party application patching capability had been announced by Microsoft at the time of writing. It needs an additional license and is not part of the base Intune license. SCCM has a native but very basic third-party patching solution.
There are also third-party vendors, such as Patch My PC and ManageEngine, that can publish third-party application patches to the Intune portal in an automated fashion.
-
What are Intune App Protection or DLP Policies?
DLP or app protection policies are directly linked with Mobile Application Management (MAM). This is the approach for managing only the corporate applications instead of managing the device.
App protection policies are rules that ensure an organization’s data is kept safe and controlled within a managed app, without Intune managing the device. Intune app protection policies are mainly used for the iOS and Android platforms.
An Intune app protection policy is a set of behaviors that are restricted or monitored (for example, requiring a PIN to open the app, blocking save-as to personal storage, or restricting cut/copy/paste to unmanaged apps). This helps prevent data leaks from corporate apps to personal apps.
-
Can Intune protect Enterprise App Data without managing the device itself?
Yes, Intune can protect enterprise app data using Intune app protection (MAM or DLP) policies. For an application to receive an app protection policy, it must integrate the Intune App SDK or be wrapped with the Intune App Wrapping Tool.
Hundreds of vendors have already enabled Intune app protection policies in their apps in the Google Play and Apple App stores. Some examples are the Microsoft Office apps, Adobe Acrobat, etc.
Intune app protection policies can manage and protect MAM-enabled apps and their data without enrolling the iOS, Android, or Windows devices in MDM.
-
Can you assign Intune App Protection Policies to Azure AD Device Groups?
You can assign Intune app protection policies to Azure AD device groups, but it is not advisable to deploy an app protection policy to a device group. Intune app protection policies should be deployed to Azure AD user groups.
The idea behind Intune app protection policies is to “just” manage enterprise apps and data without managing the end-user devices. In that scenario, there is no point in deploying these policies to Azure AD device groups.
-
Is it Mandatory to enroll devices to use MAM or Intune App Protection Policies?
No, enrolling the device in Intune is not mandatory for deploying MAM or Intune app protection policies. These policies are assigned to users and work without device enrollment.
-
Can you automatically migrate AD Group Policies to Intune cloud policies, and how?
Yes, you can migrate supported AD Group Policy settings to Intune cloud policies. Microsoft added a feature called Group Policy analytics to migrate on-prem group policies to Intune Settings catalog policies.
Use Group Policy analytics to analyze your on-prem GPOs and determine your level of modern management support. Click “Import” to begin the analysis and “Migrate” when ready to move your settings to modern management.
1. Export the GPOs to XML (Group Policy Management Console -> right-click the GPO -> Save Report -> XML)
2. Import the Group Policy XML into Intune
3. Analyze the policies to determine whether the GPO settings are MDM compatible or not
4. Migrate the supported settings to Intune Settings catalog policies
-
How to check Intune Policies on a particular device?
This is one of the tricky Intune interview questions (again). You need to be careful how you answer these types of questions. The interviewer might want to know your analytical or problem-solving skills. My answer would be as follows:
There are different ways to check Intune policy status. The Troubleshooting + support blade in the Intune admin center is one of the first places I check to understand the end-to-end scenario for a user.
Windows devices
1. I always start with the Intune policy deployment status (device and user check-in status) to confirm whether the status shows succeeded or not.
2. Collect diagnostic logs from the Intune admin center for the particular device.
3. Check the event log inside the collected logs -> Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> DeviceManagement-Enterprise-Diagnostics-Provider -> Admin
4. Look for Event ID 814 (string policy set; 813 is the equivalent for integer policies) and the Windows CSP policy name
5. Check the registry on the device for user and device policies: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\ holds what each enrollment set, and PolicyManager\current holds the effective values.
Android, macOS, and iOS/iPadOS devices
Follow the first step (deployment status) for Android, macOS, and iOS/iPadOS devices as well. The next step is to collect logs from the Company Portal application and analyze them.
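Here is an added example (not from the original post) that turns steps 3 to 5 for Windows into a script you can run on the device: it reads the MDM PolicyManager “Set policy” events (813 for integer values, 814 for strings) from the DeviceManagement-Enterprise-Diagnostics-Provider Admin log, and lists the effective device-scope values under PolicyManager\current together with the enrollment that won. It assumes an elevated session on the device; the DeviceLock area and the 24-hour window are just example parameters.

```powershell
# Added example, not from the original post: policy check on a Windows 10/11 device.
# Assumes an elevated PowerShell session; 'DeviceLock' and 24 hours are example parameters.

$MdmLogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

function Get-MdmPolicyEvents {
    param([int]$Hours = 24, [string]$PolicyLike = '*')
    # 813 = "Set policy int", 814 = "Set policy string" written by the MDM PolicyManager
    $filter = @{ LogName = $MdmLogName; Id = 813, 814; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Message shape: "MDM PolicyManager: Set policy string, Policy: (PolicyName), Area: (AreaName), ..."
        $policy = if ($_.Message -match 'Policy:\s*\(([^)]+)\)') { $Matches[1] } else { '' }
        $area   = if ($_.Message -match 'Area:\s*\(([^)]+)\)')   { $Matches[1] } else { '' }
        [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Area = $area; Policy = $policy }
    } | Where-Object { $_.Policy -like $PolicyLike }
}

function Get-EffectiveDevicePolicy {
    param([Parameter(Mandatory)][string]$Area)
    # current\device\<Area> holds the value that won; <Policy>_WinningProvider names the
    # enrollment that set it; providers\<EnrollmentID>\default\Device\<Area> holds each provider's value.
    $key = "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\$Area"
    if (-not (Test-Path $key)) { Write-Warning "No effective policy found for area '$Area'"; return }
    $props = Get-ItemProperty -Path $key
    $names = $props.PSObject.Properties.Name |
        Where-Object { $_ -notlike 'PS*' -and $_ -notmatch '_(ProviderSet|WinningProvider)$' }
    foreach ($n in $names) {
        [pscustomobject]@{
            Area            = $Area
            Policy          = $n
            Value           = $props.$n
            WinningProvider = $props."${n}_WinningProvider"
        }
    }
}

Get-MdmPolicyEvents -Hours 24 | Sort-Object Time | Format-Table -AutoSize
Get-EffectiveDevicePolicy -Area 'DeviceLock' | Format-Table -AutoSize
```

If a setting shows as succeeded in the admin center but the event never appears on the device, the device has not checked in since the assignment; if the event appears but the effective value differs, look at WinningProvider, because another enrollment (for example a Group Policy-based MDM provider or a second tenant) may be overriding it.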
-
How many application deployment types do Intune Support?
Intune keeps adding support for new app deployment types every now and then. Again, the interviewer must be trying to analyze your knowledge with these Intune interview questions.
Do not answer as if memorized from somewhere. With Intune admin experience, you should be able to recall the main app deployment types, such as MSI, MSIX, APPX, IntuneWin, etc.
Supported Intune application deployment types:
1. Store app
a) Android store app
b) Microsoft Store app
c) iOS store app
d) Managed Google Play app
2. Microsoft 365 Apps
a) Windows 10 and later
b) macOS
3. Microsoft Edge, version 77 and later
a) Windows 10 and later
b) macOS
4. Microsoft Defender for Endpoint
a) Windows 10 and later
b) macOS
5. Other options
a) Web link
b) Built-in app
c) Line-of-business app (.MSI, .MSIX, .APPX, .APK, .IPA, .PKG, .intuneMac, etc.)
d) Windows app (Win32, packaged as .intunewin)
e) macOS app (.DMG, .APP)
f) Android Enterprise system app
-
What are the various options for Troubleshooting Intune managed Applications?
In the Intune admin center, an app’s device install status shows three kinds of status. You get the error details from the Failed status screen, and the Intune app deployment reports give more detail on deployment errors.
a) Failed
b) Successful
c) Excluded
Depending on the Intune application deployment type and platform, you need to adopt different methods to troubleshoot issues. For Windows devices, you can check the IME logs (IntuneWin/Win32 scenarios). For other platforms, you need to check the respective log files and use the Company Portal data collection method to troubleshoot further.
The details shown for an Intune-managed application deployment that failed to install on a device are:
1. Application created: timestamp
2. Application updated: timestamp
3. Application attempted to install: timestamp
4. App installation failed: this section gives the error code details, which is helpful for troubleshooting.
5. Device last check-in time: timestamp
For a deployment that shows Excluded for a device, the details explain why the device is not getting the deployment (an exclusion group or filter).
-
Where to find Windows 10/11 Intune Event Logs?
Here is the location of the MDM event log in Event Viewer: Applications and Services Logs -> Microsoft -> Windows -> DeviceManagement-Enterprise-Diagnostics-Provider -> Admin (log name Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin).
-
Where does the Intune Diagnostic report or log store?
This is another tricky Intune interview question. There are two ways to collect Intune diagnostic logs from a Windows device: manually on the device itself, or with the Collect diagnostics remote action in the Intune admin center.
Don’t hesitate to answer both scenarios in detail. The logs are stored in different places in the two scenarios.
1. Manual method (on the Windows device): Intune diagnostic logs/reports are stored at the default location C:\Users\Public\Documents\MDMDiagnostics (this is where the “Export your management log files” button in Settings writes).
2. Intune admin center: Devices -> Windows -> select the device -> Collect diagnostics from the action menu. The collected zip is uploaded to the service and can be downloaded from the Device diagnostics tab of that device.
-
What is Intune Management Extension (IME)? Why do you need this service?
Intune Management Extension (IME) is an additional Intune agent deployed to Intune-managed Windows devices; it is installed automatically once a PowerShell script or Win32 app is assigned to the device. Otherwise, Intune uses the native MDM client built into the Windows 10/11 client operating system.
The Windows MDM client has limited capabilities for deploying applications and PowerShell scripts or performing advanced device management functions. Hence Microsoft created an additional Intune agent, called IME.
The IME agent is self-managed by Microsoft, and Intune admins don’t have control over IME agent updates, health checks, etc.
-
Where are Intune Management Extension (IME) logs from Windows Stored?
You can collect all the Intune-related log files, including event logs, using the Intune diagnostics method. But if you are interested only in the Intune Management Extension (IME) logs, check the following path.
The IME logs folder contains all the logs related to Intune Management Extension processes, for example PowerShell script, remediation script, and IntuneWin (Intune Win32 app) deployment.
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
All the Intune management logs can also be collected on the device from Settings -> Accounts -> Access work or school -> select the account -> Info -> Export your management log files.
-
Are you familiar with AgentExecutor.log, and what is it used for?
AgentExecutor.log helps troubleshoot PowerShell script and Proactive Remediation script deployments to Windows 11 or Windows 10 PCs; it records each script launch and its exit code.
This log is part of the IME log folder located at C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
-
What Kind of Information ClientHealth.log Stores?
ClientHealth.log records the health checks and remediation actions related to the Intune Management Extension agent on Windows 11 or Windows 10 clients.
This log is part of the IME log folder located at C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
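All three IME logs discussed above (IntuneManagementExtension.log, AgentExecutor.log, ClientHealth.log) share the CMTrace line format, which is awkward to read with Select-String because one entry can span several lines. The following added example (not from the original post) parses that format into objects and surfaces error entries. The sample log entries inside it are constructed for the demo and are not copied from a real device; the $ImeLogFolder path is the one given above.

```powershell
# Added example, not from the original post: parse CMTrace-style IME log entries.
# The sample text below is constructed for the demo, not taken from a real device.

$ImeLogFolder = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'

# One entry: <![LOG[message]LOG]!><time="HH:mm:ss.fffffff" date="M-d-yyyy" component="..." ... type="N" ...>
# type: 1 = informational, 2 = warning, 3 = error. Singleline lets a message span several lines.
$EntryPattern = [regex]::new(
    '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]+)"\s+date="(?<date>[^"]+)"\s+component="(?<comp>[^"]*)"[^>]*?type="(?<type>\d)"[^>]*>',
    [System.Text.RegularExpressions.RegexOptions]::Singleline)

function ConvertFrom-CmTraceLog {
    param([Parameter(Mandatory)][string]$Text, [string]$Source = '')
    foreach ($m in $EntryPattern.Matches($Text)) {
        # ConfigMgr-style logs append a UTC offset to the time ("-480"); strip it before parsing
        $stamp = "$($m.Groups['date'].Value) $($m.Groups['time'].Value -replace '[+-]\d+$', '')"
        $when  = [datetime]::ParseExact($stamp,
                    [string[]]@('M-d-yyyy HH:mm:ss.fffffff', 'M-d-yyyy HH:mm:ss.fff', 'M-d-yyyy HH:mm:ss'),
                    [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None)
        [pscustomobject]@{
            Time      = $when
            Severity  = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }[$m.Groups['type'].Value]
            Component = $m.Groups['comp'].Value
            Source    = $Source
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

function Get-ImeLogEntries {
    param([string]$Folder = $ImeLogFolder, [string]$Filter = '*.log')
    Get-ChildItem -Path $Folder -Filter $Filter -File | ForEach-Object {
        ConvertFrom-CmTraceLog -Text (Get-Content -Path $_.FullName -Raw) -Source $_.Name
    }
}

function Get-ImeErrors {
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        # Type 3 is an error, but IME also reports script/app failures as informational lines
        if ($Entry.Severity -eq 'Error' -or $Entry.Message -match 'fail|error|exception|exit code: [1-9]') { $Entry }
    }
}

# Constructed sample in the shape of the real files
$sample = @'
<![LOG[[PowerShell] Script policy 11111111-2222-3333-4444-555555555555 finished, exit code: 1]LOG]!><time="10:15:02.1234567" date="5-9-2023" component="AgentExecutor" context="" type="1" thread="9" file="">
<![LOG[Win32App: Download of content for app 66666666-7777-8888-9999-000000000000 succeeded]LOG]!><time="10:16:40.0000000" date="5-9-2023" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
<![LOG[Health check: IME scheduled task is missing, recreating it]LOG]!><time="10:17:00.5000000" date="5-9-2023" component="ClientHealth" context="" type="2" thread="2" file="">
<![LOG[Win32App: Detection rule evaluation failed for app 66666666-7777-8888-9999-000000000000]LOG]!><time="10:18:15.2500000" date="5-9-2023" component="IntuneManagementExtension" context="" type="3" thread="4" file="">
'@

$entries = ConvertFrom-CmTraceLog -Text $sample -Source 'sample'
$entries | Format-Table Time, Severity, Component, Message -AutoSize
'--- errors and failures ---'
$entries | Get-ImeErrors | Format-Table Time, Severity, Component, Message -AutoSize
# On a real device:  Get-ImeLogEntries | Get-ImeErrors | Sort-Object Time
```

Against the sample, the error filter returns the AgentExecutor line (a script that exited with code 1, logged as informational) and the type 3 detection failure, and skips the warning and the successful download; that is the distinction you want when a Win32 app shows Failed in the admin center but the log is full of informational entries.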
-
Explain the Windows MDM Diagnostics Tool. What is it used for?
MdmDiagnosticsTool.exe is a built-in command-line tool (in C:\Windows\System32) that collects MDM and Windows Autopilot related logs, events, and registry data from the Windows client operating system. Most Windows Autopilot related events, registry keys, and logs are consolidated into a single folder or a single CAB/ZIP file.
-
What does Registry Dump hold in the Window Autopilot Troubleshooting world?
MdmDiagReport_RegistryDump.reg captures the HKLM and HKCU registry values associated with Autopilot device provisioning. These details are captured via MdmDiagnosticsTool.exe.
Autopilot related values are written to HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot
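The following is an added example (not from the original post) that runs the documented `-area Autopilot -cab` collection described above, unpacks the CAB so you can find MdmDiagReport_RegistryDump.reg, and reads the live values under HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot for comparison. It assumes an elevated session; the C:\Temp\AutopilotDiag output folder is an assumption.

```powershell
# Added example, not from the original post: collect and unpack the Autopilot diagnostics CAB,
# then dump the live Autopilot provisioning registry values. Assumes an elevated session.

$OutDir = 'C:\Temp\AutopilotDiag'           # assumed output location
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$Cab = Join-Path $OutDir 'autopilot.cab'

function Collect-AutopilotDiagnostics {
    param([Parameter(Mandatory)][string]$CabPath)
    # -area Autopilot gathers the Autopilot, enrollment and provisioning events, logs and registry dumps
    & "$env:SystemRoot\System32\MdmDiagnosticsTool.exe" -area Autopilot -cab $CabPath
    if ($LASTEXITCODE -ne 0) { throw "MdmDiagnosticsTool.exe failed with exit code $LASTEXITCODE" }

    # expand.exe unpacks the CAB; -F:* extracts every file into the destination folder
    $dest = Join-Path (Split-Path -Parent $CabPath) 'extracted'
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    & "$env:SystemRoot\System32\expand.exe" $CabPath -F:* $dest | Out-Null
    Get-ChildItem -Path $dest -Recurse -File
}

function Get-AutopilotRegistryState {
    # Populated once the device downloads its Autopilot profile during OOBE
    $key = 'HKLM:\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot'
    if (-not (Test-Path $key)) { Write-Warning "$key is not present; this device has not run Autopilot"; return }
    $p = Get-ItemProperty -Path $key
    $p.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Value = $_.Value } }
}

$files = Collect-AutopilotDiagnostics -CabPath $Cab
$files | Where-Object Name -eq 'MdmDiagReport_RegistryDump.reg' | Select-Object FullName, Length
Get-AutopilotRegistryState | Format-Table -AutoSize
```

The registry dump inside the CAB is a point-in-time snapshot, so when the live key and the dump disagree, the device was re-provisioned or reset after the CAB was collected.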
-
How does Intune give users a self-service experience?
There are different options to empower end users with a self-service experience. The Company Portal app (available for every supported device type) can be customized with your organization’s branding and support information.
The following are some of the self-service portals available for end users. Hopefully, Microsoft will soon combine all of these into a single portal experience.
1. Company Portal App
2. MyApps.Microsoft.com portal
3. https://www.office.com/apps
4. https://myapplications.microsoft.com/ -
What are the Patch Reporting options in Intune?
There are many default reports available in Intune that give a high-level overview of patching. You can check the default Intune reports from the Reports node in the Intune admin center, under the Windows updates tab.
You must set up Update Compliance (since renamed Windows Update for Business reports) to have detailed reporting on Windows patch compliance. Update Compliance is a Windows service hosted in Azure (backed by a Log Analytics workspace) that uses Windows diagnostic data.
The service provides a holistic view of Windows 10 or Windows 11 update compliance, update deployment, and failure troubleshooting.
-
How to Sync Intune Service or Server Side Logs to Azure Log Analytics Workspace?
You can send Intune service-side logs to an Azure Log Analytics workspace using Intune diagnostic settings (Reports -> Diagnostic settings). These settings export the Intune platform logs (audit logs, operational logs, device compliance and device records) and metrics to the Log Analytics workspace.
You can create a maximum of 5 different diagnostics settings to send various logs and metrics to independent destinations.
-
How will Intune KQL Queries be useful for Admins?
You can use KQL queries to get a deep-level view of Intune device management data in Azure Log Analytics. This also helps to troubleshoot Intune device management issues.
The following is a sample KQL query that counts the Hybrid Azure AD joined devices in your estate from the IntuneDevices table:
IntuneDevices | where JoinType == 'Hybrid Azure AD joined' | summarize DeviceCount=count() by JoinType
Drop the where clause to compare all join types side by side. You can also use KQL to find Dell or HP devices from the Intune platform logs. The table to query for manufacturer data is IntuneDevices (the Manufacturer and Model columns).
-
What is the Maximum Size supported for Intune Win32 App using the IntuneWin format?
8 GB was the maximum supported size of a Win32 app when this post was written (the limit has since been raised; see the comments below). If there is a business requirement beyond the supported size, you can raise a service request with Microsoft.
-
How to manage the Intune Policy Conflicts?
Some types of Intune policy conflicts are resolved automatically by the Intune service-side logic (such as precedence rules). Other types of policy conflict require the admin’s manual intervention.
Example of automatic resolution: compliance policy settings always have precedence over configuration profile settings.
The same setting can be configured from different places in the Intune admin center (for example, a Settings catalog profile and an Endpoint security policy). If you configure the same setting with different values, the Intune service reports a conflict for that setting. The admin needs to edit the policies and fix the conflict manually.
-
Why do you want to use Intune Filtering Rules rather than Azure AD Group?
Again, this is one of the other Intune interview questions. You still need Azure AD groups to target some scenarios. The Azure AD dynamic group update mechanism is not as fast or as predictable as Intune admins want.
The SLA for Azure AD dynamic group membership updates is 24 hours, which is a concern for Intune admins. Hence, many admins assign apps and policies to all users or all devices and manage the targeting logic with include or exclude filters.
Intune filters are evaluated in the Intune service layer at device check-in, so they act much faster than Azure AD dynamic group membership updates.
-
How to enhance the security posture of Intune-managed devices?
There are different options to enhance the security posture of Intune-managed devices. One option is to have stronger Azure AD Conditional Access policies (for example, requiring a compliant device to access corporate apps).
The other enhancement is to use Intune compliance policies. To protect company data, the organization needs to make sure that the devices used to access company apps and data comply with certain rules.
Some example compliance rules:
1. Disk encryption (BitLocker)
2. Complex PIN/password
3. Latest Windows Update patches installed
-
What options are for deploying the Internal PKI Certificate to Intune Managed Devices?
Intune supports two certificate deployment methods. Both require the Intune Certificate Connector installed on an on-prem server with access to your CA; SCEP additionally requires an NDES server.
The two options for delivering certificates via Intune are:
1. SCEP: Simple Certificate Enrollment Protocol (SCEP) is an IETF protocol and a very popular, widely used certificate enrollment protocol. The device generates its own key pair and requests the certificate through NDES.
2. PKCS: PKCS stands for “Public Key Cryptography Standards”, a group of public-key cryptography standards published by RSA Security. With PKCS profiles, the Certificate Connector requests the certificate from the CA on the device’s behalf and Intune delivers it to the device.
-
What do you do if an Intune app package upload from the Intune admin center is taking a long time?
I would check whether the internet connection is stable and whether a proxy is causing issues. Also check whether there is a service-wide issue with Intune. More details on troubleshooting.
You can also try uploading larger packages with PowerShell (Microsoft Graph based) instead of the browser. In my experience, this gives better results.
-
What will you do if the Intune policy is not getting applied to managed Devices?
The same answer as above. You need to check the log files and event logs on the client side. We have discussed the event logs and IME logs earlier in this Intune FAQ.
You can check more details on Intune troubleshooting in the YouTube video. Don’t forget to check the Intune admin center reports.
-
How to Fix Intune Policy Conflict Issues?
In my experience, there could be many scenarios where you will get into Intune policy conflicts. Some of the conflicts are fixed from the server side itself using the default conflict logic in Intune.
The other parts of the conflicts need to fix manually by checking the reports from Intune admin center portal. Normally, Intune admin center will tell you which policies are getting conflict.
So, you need to remove the conflicting settings from the policies or exclude some of the devices or users from specific policies if those are assigned by mistake.
Intune Settings Catalog Decoded | Security Policy Conflicts Precedence | User Device Scopes. You can get more details from YouTube Video – https://youtu.be/S6udsxa4fs0.
Tips and Tricks to Crack Intune Interview
Let’s see some tips and tricks to crack Intune interviews using these Intune interview questions and answers. In the enterprise world, you always need to test your solutions in pre-production or staging environments first, with fewer users.
There should be a ring approach to all deployments such as applications, patches, Autopilot, etc. I recommend starting with a small set of users first and, once everything is OK, proceeding with a ring-wise production rollout. Intune interview questions and answers alone will not get you an Intune job.
Understanding change management and incident management processes is important for those attending Intune interviews.
- Change Management Process
- Incident Management Process
- Deployment approach
- Test/Development
- UAT
- Production
Author
Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge. He is a BTech graduate in Information Technology.
Thank you so much for sharing your hard-earned experience. It really helped me to be a bit more confident in attending an Intune interview with basic work experience in Intune. Thank you once again.
Thank you..
one of the best articles on Intune interview preparation as well as learning the Intune concepts.
Thanks Abhinav! more power to you!
Thank you very much for sharing wonderful information.
I’m grateful that you shared. Your contribution is valued.
From Jan 24, 30 GB Win32 app size is supported.
If an interviewer asks what you do daily as an L1 Intune engineer, how can we describe it?