Sample Questions and Answers
What is the recommended way to protect corporate data in bring-your-own-device (BYOD) scenarios?
A) Use App Protection Policies (APP) without requiring full device management
B) Require full device enrollment only
C) Block all BYOD devices
D) Use VPN only
Answer: A) Use App Protection Policies (APP) without requiring full device management
Explanation: APP secures apps and data on personal devices.
Which protocol does Intune use to communicate with Windows devices during management?
A) Management uses the MDM protocol over HTTPS
B) SMB only
C) FTP
D) RDP only
Answer: A) Management uses the MDM protocol over HTTPS
Explanation: Intune uses industry-standard MDM protocols.
What is the function of “Endpoint Security” policies in Intune?
A) To configure and enforce security-related configurations like antivirus, firewall, and disk encryption
B) To manage user licenses
C) To configure VPNs only
D) To deploy Office apps
Answer: A) To configure and enforce security-related configurations like antivirus, firewall, and disk encryption
Explanation: Endpoint Security profiles focus on device protection.
What does a “Dynamic Device Group” in Azure AD allow?
A) Devices are automatically added or removed from groups based on rules like OS version or device type
B) Devices must be added manually
C) Groups only contain users
D) Groups are read-only
Answer: A) Devices are automatically added or removed from groups based on rules like OS version or device type
Explanation: Dynamic groups simplify management by automatic membership.
How do Conditional Access policies enhance endpoint security?
A) By enforcing access controls based on user, device compliance, location, and risk signals
B) By blocking all mobile devices
C) By automatically wiping devices on login
D) By disabling user accounts
Answer: A) By enforcing access controls based on user, device compliance, location, and risk signals
Explanation: Conditional Access controls access dynamically to protect resources.
Which feature allows you to create detailed audit logs for device management activities in Intune?
A) Microsoft Intune Audit Logs accessible via Azure portal
B) Windows Event Viewer only
C) Office 365 admin center only
D) PowerShell logs only
Answer: A) Microsoft Intune Audit Logs accessible via Azure portal
Explanation: Audit logs track administrative and device changes in Intune.
Which Windows Autopilot deployment profile setting specifies whether users can set up devices without user interaction?
A) User-Driven Mode
B) Self-Deploying Mode
C) White Glove Mode
D) Enrollment Status Page
Answer: B) Self-Deploying Mode
Explanation: Self-Deploying Mode allows automatic deployment without user interaction, often for kiosks or shared devices.
What is the purpose of Enrollment Status Page (ESP) in Windows Autopilot?
A) To track and display the progress of device setup and app installation during enrollment
B) To wipe the device remotely
C) To block non-compliant devices
D) To disable Windows Update
Answer: A) To track and display the progress of device setup and app installation during enrollment
Explanation: ESP improves user experience by showing setup progress and ensuring critical apps are installed.
How can a company enforce BitLocker encryption on all managed Windows devices using Intune?
A) Deploy an Endpoint Protection policy that configures BitLocker settings and requires encryption
B) Configure Group Policy only
C) Use PowerShell scripts exclusively
D) Require users to enable BitLocker manually
Answer: A) Deploy an Endpoint Protection policy that configures BitLocker settings and requires encryption
Explanation: Intune Endpoint Protection policies can enforce BitLocker encryption remotely.
What is the function of the “Managed Google Play” store in Intune for Android devices?
A) To allow administrators to approve and deploy Android apps to managed devices
B) To replace Google Play entirely
C) To manage Google accounts only
D) To control Google search history
Answer: A) To allow administrators to approve and deploy Android apps to managed devices
Explanation: Managed Google Play integrates with Intune for enterprise app management on Android.
Which policy type in Intune can restrict USB device usage on Windows 10 devices?
A) Device restriction profiles
B) Compliance policies
C) Configuration Baselines
D) App Protection Policies
Answer: A) Device restriction profiles
Explanation: Device restriction profiles allow blocking or controlling hardware features such as USB ports.
What is the difference between “Required” and “Available” app assignments in Intune?
A) “Required” apps install automatically; “Available” apps are optional and users can install them via Company Portal
B) Both install automatically
C) “Available” apps are forced to uninstall
D) “Required” apps are only visible to admins
Answer: A) “Required” apps install automatically; “Available” apps are optional and users can install them via Company Portal
Explanation: Assignment types define user installation experience.
How can you limit access to Microsoft 365 services based on device compliance status?
A) By configuring Conditional Access policies in Azure AD that require compliant devices
B) By configuring VPN profiles in Intune
C) By blocking all mobile devices
D) By setting app protection policies only
Answer: A) By configuring Conditional Access policies in Azure AD that require compliant devices
Explanation: Conditional Access enforces access restrictions based on device compliance.
What is the primary benefit of using Co-management with Microsoft Endpoint Configuration Manager and Intune?
A) To manage Windows 10 devices with both Configuration Manager and Intune, allowing gradual cloud migration
B) To allow users to choose management tool
C) To manage Linux devices
D) To disable Intune management
Answer: A) To manage Windows 10 devices with both Configuration Manager and Intune, allowing gradual cloud migration
Explanation: Co-management enables flexibility during migration to cloud-based management.
Which Intune report provides insights into device health and security posture?
A) Endpoint security report
B) App installation report
C) Device wipe report
D) VPN usage report
Answer: A) Endpoint security report
Explanation: It shows antivirus status, firewall status, encryption, and compliance.
How does Intune support remote assistance for Windows devices?
A) Through integration with TeamViewer or Quick Assist for remote control sessions
B) By remote wiping only
C) Through PowerShell scripts only
D) Remote assistance is not supported
Answer: A) Through integration with TeamViewer or Quick Assist for remote control sessions
Explanation: Intune supports remote help via supported third-party tools.
What is the significance of the “Intune Data Warehouse”?
A) It is a reporting and analytics service providing historical data on device and app management
B) It stores user passwords
C) It is a backup location for device data
D) It manages device encryption
Answer: A) It is a reporting and analytics service providing historical data on device and app management
Explanation: Data Warehouse supports advanced reporting and analytics needs.
Which of the following is a requirement for Windows Hello for Business deployment?
A) Azure AD or Hybrid Azure AD joined devices with proper certificate or key trust configuration
B) Devices must be offline only
C) Devices cannot be joined to any directory
D) Only local accounts are supported
Answer: A) Azure AD or Hybrid Azure AD joined devices with proper certificate or key trust configuration
Explanation: Windows Hello for Business uses modern authentication methods integrated with Azure AD.
How do App Configuration Policies benefit app management in Intune?
A) They allow pre-configuration of app settings to improve user experience and enforce policies
B) They uninstall apps automatically
C) They manage hardware restrictions
D) They replace app protection policies
Answer: A) They allow pre-configuration of app settings to improve user experience and enforce policies
Explanation: App Configuration Policies streamline app deployment and management.
What does the “Selective Wipe” feature in Intune do?
A) Removes corporate data and access while leaving personal data intact on BYOD devices
B) Wipes all data including personal files
C) Locks the device remotely
D) Resets the device password
Answer: A) Removes corporate data and access while leaving personal data intact on BYOD devices
Explanation: Selective Wipe is designed for personal devices with corporate data.
What is the purpose of “Windows Defender Application Control” (WDAC) in endpoint security?
A) To control which applications are allowed to run on Windows devices, enhancing security
B) To scan for malware only
C) To control device passwords
D) To configure VPNs
Answer: A) To control which applications are allowed to run on Windows devices, enhancing security
Explanation: WDAC helps prevent unauthorized or malicious apps from running.
How can IT admins ensure devices are updated with the latest security patches using Intune?
A) By configuring Windows Update Rings and monitoring update compliance reports
B) By requiring manual updates only
C) By disabling updates
D) By using VPN profiles
Answer: A) By configuring Windows Update Rings and monitoring update compliance reports
Explanation: Update Rings control deployment and enforcement of updates.
Which enrollment method is recommended for bulk provisioning of shared Windows devices?
A) Windows Autopilot with White Glove (Pre-provisioning) deployment
B) Manual setup by each user
C) Group Policy enrollment
D) Intune Company Portal only
Answer: A) Windows Autopilot with White Glove (Pre-provisioning) deployment
Explanation: White Glove allows IT to pre-configure devices before delivery.
What is the function of the “Azure AD device identity” in device management?
A) It uniquely identifies devices in Azure AD for management and policy enforcement
B) It manages user passwords
C) It configures VPN connections
D) It backs up device files
Answer: A) It uniquely identifies devices in Azure AD for management and policy enforcement
Explanation: Azure AD device identities enable access and policy control.
How can you protect corporate email on unmanaged devices using Intune?
A) Use App Protection Policies that restrict data sharing and require PIN or biometric access
B) Block all email access on mobile devices
C) Use VPN only
D) Wipe all unmanaged devices
Answer: A) Use App Protection Policies that restrict data sharing and require PIN or biometric access
Explanation: APP protects corporate data in apps even on unmanaged devices.
Which Microsoft service is integrated with Intune to provide enhanced endpoint detection and response?
A) Microsoft Defender for Endpoint
B) Azure Information Protection
C) Microsoft Teams
D) Microsoft Power BI
Answer: A) Microsoft Defender for Endpoint
Explanation: Defender for Endpoint offers advanced threat protection integrated with Intune.
What type of devices can be enrolled via Apple Automated Device Enrollment (formerly DEP) in Intune?
A) Corporate-owned Apple devices (iPhones, iPads, Macs) with zero-touch enrollment
B) Android devices only
C) Windows devices only
D) All personal devices
Answer: A) Corporate-owned Apple devices (iPhones, iPads, Macs) with zero-touch enrollment
Explanation: ADE enables automated, managed enrollment of Apple devices.
What is the primary purpose of a Compliance Policy in Intune?
A) To define settings that devices must meet to be deemed compliant for Conditional Access
B) To deploy apps
C) To manage network settings
D) To create user accounts
Answer: A) To define settings that devices must meet to be deemed compliant for Conditional Access
Explanation: Compliance policies enforce security and configuration standards.
Which PowerShell cmdlet can be used to retrieve Intune device management data?
A) Get-IntuneManagedDevice
B) Get-ADUser
C) Get-Process
D) Get-Service
Answer: A) Get-IntuneManagedDevice
Explanation: This cmdlet is part of the Microsoft Graph PowerShell module for Intune management.
What is a key advantage of using Mobile Application Management (MAM) without device enrollment?
A) It allows protecting corporate apps and data on personal devices without full device control
B) It controls all device settings
C) It disables user apps
D) It requires device wiping
Answer: A) It allows protecting corporate apps and data on personal devices without full device control
Explanation: MAM without enrollment provides data protection with minimal user impact.
How does Intune support role-based access control (RBAC)?
A) By allowing administrators to assign granular permissions to users for managing specific aspects of Intune
B) By disabling all user accounts
C) By controlling device firmware
D) By managing VPN connections
Answer: A) By allowing administrators to assign granular permissions to users for managing specific aspects of Intune
Explanation: RBAC improves security and delegation in management.