Deploy & Update Flashcards Preview

MD-101 - Managing Modern Desktops > Deploy & Update > Flashcards

Flashcards in Deploy & Update Deck (75)
Loading flashcards...
1
Q

Dynamic Deployments

A

Windows Autopilot

Subscription Activation
-Automatically convert Win Pro to Win Enterprise

Azure Active Directory/MDM
-Connect to network and joins automatically

Provisioning Packages
-Windows Image Configuration Desginer Tool to create packages

2
Q

Traditional Deployments

A

Bare Metal

  • MDT
  • System Centre Configuration Management

Refresh
-Wipe and load with user profile with same machine

Replace
-Brand new machine and transferring user profile

In-place Upgrade

3
Q

Provisioning Package Extension

A

.ppkg

4
Q

Where can you get Windows Configuration Designer?

A

Windows ADK (Assesment and Deployment Toolkit)

Microsoft Store

5
Q

Can you email Provisioning Packages to users to confiture settings?

A

Yes, users can open the package and click add to receive the settings

6
Q

What’s the purpose of a Provisioning Package?

A

To configure or re-configure an already deployed Operating System

7
Q

How do you create a Provisioning Desktop Package?

A

By clicking under the Create tab in WCD and choosing “Provision Desktop devices” then following the wizard

8
Q

What are the purposes of Windows Autopilot?

A

Deploy Operating Systems

Reset Operating Systems

Recover Operating Systems

Repurpose Operating Systems

9
Q

Who are the three parties of Windows Autopilot?

A

Hardware Vendor
-Must provide us with Unique IDs

IT Admin
-Setup profiles in Azure to push down to end user

End User

  • Connect to Internet (brings down Unique ID)
  • Happens before they input email
  • Inputs email to associate ID with Azure
10
Q

What are Windows Autopilot Requirements?

A

WIndows 10 Version 1703

No support for Home Edition

Azure AD

MDM - Intune

11
Q

Network Protocols required for Windows Autopilot?

A

DNS

HTTP

HTTPS

NTP

12
Q

Some features of Windows Autopilot

A

Azure AD Automatic Enrollment

Profile Configuration

Company Branding

Windows Subscription Activation Pro to Ent

13
Q

Ways to get Hardware ID as a requirement for Windows Autopilot

A

OEM
-Provides a Hardware ID or Hashes

14
Q

What do you get as part of the Enterprise Mobility + Security E3 Azure License?

A

Azure Active Directory Premium P1

Azure Information Protection Premium P1

Azure Rights Management

Cloud App Security Discovery

Microsoft azure MFA

Microsoft Intune

15
Q

How do you enroll a device in Windows Autopilot on Azure?

A

Go to the Azure Portal

Navigate to Intune:

Device Enrollment - Windows Enrollment -> Windows Autopilot Devices -> Import

16
Q

How do you set up Windows Autopilot Deployment Profiles?

A

Go to Azure Portal

Navigate to Intune:
Device Enrollment -Windows Enrollment -> Windows Autopilot deployment profiles -> Create profile

17
Q

What are the two deployment modes in an Autopilot deployment profile in Intune

A

Self Deploying

User-Driven

18
Q

Best practice to Piloting a Windows Autopilot Deployment?

A
  1. Build a Windows 10 Virtual Machine
  2. Create a snapshot
  3. Retrieve the Hardware ID
  4. Reset Virtual Machine to Out of Box Experience
  5. Configure automatic enrollment and Autopilot settings within Intune
19
Q

Where can you find a step by step guide to setting up Windows Autopilot?

A

Microsoft Technet

20
Q

What are the three main components of Windows Analytics?

A
  1. Device Health
    - Tells you about a device crashing
  2. Update Compliance
    - Update states
    - Windows Defender Anti-Virus
    - Windows update for Business
    - Log analytics
  3. Upgrade Readiness
    - Windows 7, 8.1, 10
    - Systems, apps, drivers
21
Q

What would you type in the Azure Portal to get to Windows Analytics?

A

Log Analytics

22
Q

How do you access Log Analytics?

A

Resource groups in Azure Portal

23
Q

How do you install Device Health on Azure?

A

From the Log Analytics Workspace/MarketPlace

24
Q

Do you have to run scripts on the client PC to generate logs into Log Analytics?

A

Yes

25
Q

Where can you find the option to create a System Image back up?

A

Control Panel then File History

26
Q

What are the two methods used to configure Windows Update for Business?

A

Group Policy or Intune

27
Q

What are some of the most prominent features of Windows Update for Business?

A

Deployment Rings (phased deployments)

Include or exclude drivers

Integrates with SCCM, Intune and WSUS

Delivery optimization (takes away need for cache)

Info fed into Windows Analytics

28
Q

Where can you find Windows update for Business inside group policy?

A

Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Windows Update for Business

29
Q

How many feature upgrades occur within a year?

A

Twice (Spring and Fall USA)

30
Q

How often do Quality Updates occur

A

Every second Tuesday for each month

Can be deferred for a whole month

31
Q

What are some non-deferrable Updates

A

Windows defender

Anti Malware

32
Q

How do you configure Windows Update for Business in Intune?

A

Azure Portal -> Intune

Intune -> Software Updates -> Windows 10 Update Rings

33
Q

How would you create a UAT group withing the Windows 10 Update Rings section?

A

Add a “UAT” tag in Scope(tags)

34
Q

What protection level for Azure AD Conditional access policies is MFA required when the sign-in risk is medium, or high?

A

Baseline

35
Q

Which option “Join to Azure AD as” in Windows Intune in the Create profile blade for user-driven mode would you choose to join a computer to an Active Directory domain?

A

Hybrid Azure AD Joined

36
Q

What is the name of the JSON file that is used for the Autopilot profile?

A

WindowsAutoConfigurationFile.json

37
Q

Which two options are available in user-driver mode for Windows Autopilot for creating a profile?

A

Azure AD joined

Hybrid Azure AD joined

38
Q

What does the “Quality update deferral period (days) setting of the Windows Update do?

A

Specifies the number of days for Quality updates such as fixes and improvements to Windows are deferred

39
Q

Yes or No:

The Autopilot profile file named AutopilotConfigurationFile.json must be saved with Unicode or UTF-8 encoding?

A

No, it must be saved with ANSI or ASCII encoding.

Using Unicode or UTF-8 Encoding will cause Windows 10 OOBE to not follow the Autopilot experience

40
Q

How many days can you pause a device from receiving Feature Updates?

A

35 Days

41
Q

Which mode in Windows Autopilot is used to join a device to an on-premises Active Directory Domain?

A

User-Driven mode

42
Q

What protection level for Azure AD conditional access policies is MFA required when the sign-in risk is low, medium, or high?

A

Sensitive

43
Q

What type of updates are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time) which include security, critical, and driver updates?

A

Quality updates

44
Q

How do you prevent a Windows update from being shown in the “Available Updates” list?

A

Right-Click the update, and select “Hide Update”

45
Q

The Autopilot Reset option will not be enabled in Microsoft Intune for which devices?

A

Devices not on Windows 10 1703 or build 17672

46
Q

What is the term for the set of solutions for Device Health, Update Compliance, and Upgrade Readiness in the Azure Portal that provide you with extensive data about the state of devices in your deployment?

A

Windows Analytics

47
Q

What type of updates are antimalware and antispyware Definition Updates considered to be?

A

Non-deferrable updates

48
Q

Yes or No:

Does Upgrade Readiness support on-premises Windows deployments?

A

No, Upgrade Readiness is build as a cloud service

49
Q

When joining a Windows device to Azure AD during first run experience (FRX), what choice should you make on the “Who owns this PC?” screen?

A

Choose “This device belongs to my organization”

50
Q

Which FUNCTION in Windows Configuration Designer can be used to add a hardware-specific serial number as the computer name?

A

%SERIAL%

51
Q

Which delivery optimization mode gets updates from the internet directly from Microsoft but does not contact the delivery optimization cloud services?

A

Simple download mode with no peering (99)

52
Q

Which option will allow a Windows 10 Computer to wake when it is time for updates to occur, and is enabled by default?

A

The “Allow scheduled maintenance to wake up my computer at the scheduled time” Group Policy setting in “Maintenance” section in Action Center

53
Q

What is the free tool for Azure subscribers that helps you confirm applications and drivers are ready for a Windows 10 upgrade by providing application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness?

A

Windows Analytics: Upgrade Readiness

54
Q

If you use Windows Autopilot to join a device to an on-premises Active Directory domain, which method should you specify when creating Autopilot deployment profile?

A

Hybrid Azure AD

55
Q

Which command opens Software Center on a Windows 7 domain-joined computer that is upgraded to Windows 10 by using Windows Autopilot?

A

C:\Windows\CCM\SCClient.exe

56
Q

What steps should you take to test and verify that your Azure Conditional Access policy behaves as expected before rolling out the policy into production?

A

Create test users

Create a test plan and configure the policy “Evaluate a simulated sign-in”

Test your policy Cleanup

57
Q

Which kind of devices can you provision packages for the Windows Configuration Designer?

A

Desktop Devices

Mobile Devices

HoloLens Devices

Surfaces Hub Devices

Kiosk Devices

58
Q

What should be contained in the .CSV file that will be imported by Windows AutoPilot?

A

Serial Numbers

Windows Product IDs

Hardware Hashes

Other optional order ID’s o f the devices

59
Q

Which delivery optimization mode uses Background Intelligent Transfer Services (BITS) to get updates?

A

Bypass mode (100)

60
Q

What are the supported update channels for Windows Update for Business for Windows version 1903 and higher?

A

Semi-Annual Channel

Windows Insider - Fast

Windows Insider - Slow

Release Windows Insider

61
Q

Which script file retrieves the Windows AutoPilot deployment details from one or more computers?

A

Get-WindowsAutoPilotInfo.ps1

62
Q

Which Group policy configures the daily scheduled time at which Automatic Maintenance starts?

A

Automatic Maintenance Activation Boundary

63
Q

Why is the the option to block access with an Azure Conditional Access policy powerful?

A

Overrides all other assignments for a user

64
Q

Which delivery optimization mode gets updates from the Internet and from other computers on your network?

A

HTTP blended with peering behind the same NAT (1)

65
Q

Which extension is on the file created by the Get-WindowsAutoPilotInfo.ps1 script?

A

CSV

66
Q

What is a peer-to-peer client update service that uses PCs, both local PCs ad non-local devices via the Internet, to deliver updated Windows 10 bits to an organization’s networked PCs?

A

Delivery Optimization

67
Q

Which authentication method can be an authentication method with Windows Hello for Business can be a set of numbers, buy may include letters or special characters?

A

PIN

68
Q

What is a benefit of having a PIN over a password?

A

Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they’d have to steal your physical device as well

69
Q

What must you verify in your site before you create an Automatic Deployment Rule (ADR) for the first time?

A

Verify that the site has completed updates synchornization

70
Q

What setting ensures that all updates to Windows Store Apps will be downloaded?

A

The “Updated Apps Automatically” setting in the “Apps updates” section of the Windows store, which is on by default

71
Q

Which Group Policy allows you to configure the amount of time which Automatic Maintenance will delay starting from its activation boundary?

A

Automatic Maintenance Random Delay

72
Q

What protection level for Azure AD conditional access policies is MFA always required?

A

Baseline

73
Q

Yes or No:

In the windows OOBE, is joining an on-premises AD domain not supported?

A

Yes it’s not supported

If you join a PC to an AD domain during setup you should select “Set up Windows with a Local account”

74
Q

What is the order of the information that should be kept in the .CSV file that will be imported by Windows Autopilot?

A

Column A: Device Serial Number

Column B: Leave blank

Column C: Hardware Hash

75
Q

What naming convention would you use to specify computers using the department three-character acronym, followed by a hyphen, and then four numbers, for example, MKT-1234?

A

MKT-%RAND:4%