Dynamic Deployments
Windows Autopilot
Subscription Activation
-Automatically convert Win Pro to Win Enterprise
Azure Active Directory/MDM
-Connect to network and joins automatically
Provisioning Packages
-Windows Image Configuration Desginer Tool to create packages
Traditional Deployments
Bare Metal
- MDT
- System Centre Configuration Management
Refresh
-Wipe and load with user profile with same machine
Replace
-Brand new machine and transferring user profile
In-place Upgrade
Provisioning Package Extension
.ppkg
Where can you get Windows Configuration Designer?
Windows ADK (Assesment and Deployment Toolkit)
Microsoft Store
Can you email Provisioning Packages to users to confiture settings?
Yes, users can open the package and click add to receive the settings
What’s the purpose of a Provisioning Package?
To configure or re-configure an already deployed Operating System
How do you create a Provisioning Desktop Package?
By clicking under the Create tab in WCD and choosing “Provision Desktop devices” then following the wizard
What are the purposes of Windows Autopilot?
Deploy Operating Systems
Reset Operating Systems
Recover Operating Systems
Repurpose Operating Systems
Who are the three parties of Windows Autopilot?
Hardware Vendor
-Must provide us with Unique IDs
IT Admin
-Setup profiles in Azure to push down to end user
End User
- Connect to Internet (brings down Unique ID)
- Happens before they input email
- Inputs email to associate ID with Azure
What are Windows Autopilot Requirements?
WIndows 10 Version 1703
No support for Home Edition
Azure AD
MDM - Intune
Network Protocols required for Windows Autopilot?
DNS
HTTP
HTTPS
NTP
Some features of Windows Autopilot
Azure AD Automatic Enrollment
Profile Configuration
Company Branding
Windows Subscription Activation Pro to Ent
Ways to get Hardware ID as a requirement for Windows Autopilot
OEM
-Provides a Hardware ID or Hashes
What do you get as part of the Enterprise Mobility + Security E3 Azure License?
Azure Active Directory Premium P1
Azure Information Protection Premium P1
Azure Rights Management
Cloud App Security Discovery
Microsoft azure MFA
Microsoft Intune
How do you enroll a device in Windows Autopilot on Azure?
Go to the Azure Portal
Navigate to Intune:
Device Enrollment - Windows Enrollment -> Windows Autopilot Devices -> Import
How do you set up Windows Autopilot Deployment Profiles?
Go to Azure Portal
Navigate to Intune:
Device Enrollment -Windows Enrollment -> Windows Autopilot deployment profiles -> Create profile
What are the two deployment modes in an Autopilot deployment profile in Intune
Self Deploying
User-Driven
Best practice to Piloting a Windows Autopilot Deployment?
- Build a Windows 10 Virtual Machine
- Create a snapshot
- Retrieve the Hardware ID
- Reset Virtual Machine to Out of Box Experience
- Configure automatic enrollment and Autopilot settings within Intune
Where can you find a step by step guide to setting up Windows Autopilot?
Microsoft Technet
What are the three main components of Windows Analytics?
- Device Health
- Tells you about a device crashing - Update Compliance
- Update states
- Windows Defender Anti-Virus
- Windows update for Business
- Log analytics - Upgrade Readiness
- Windows 7, 8.1, 10
- Systems, apps, drivers
What would you type in the Azure Portal to get to Windows Analytics?
Log Analytics
How do you access Log Analytics?
Resource groups in Azure Portal
How do you install Device Health on Azure?
From the Log Analytics Workspace/MarketPlace
Do you have to run scripts on the client PC to generate logs into Log Analytics?
Yes
Where can you find the option to create a System Image back up?
Control Panel then File History
What are the two methods used to configure Windows Update for Business?
Group Policy or Intune
What are some of the most prominent features of Windows Update for Business?
Deployment Rings (phased deployments)
Include or exclude drivers
Integrates with SCCM, Intune and WSUS
Delivery optimization (takes away need for cache)
Info fed into Windows Analytics
Where can you find Windows update for Business inside group policy?
Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Windows Update for Business
How many feature upgrades occur within a year?
Twice (Spring and Fall USA)
How often do Quality Updates occur
Every second Tuesday for each month
Can be deferred for a whole month
What are some non-deferrable Updates
Windows defender
Anti Malware
How do you configure Windows Update for Business in Intune?
Azure Portal -> Intune
Intune -> Software Updates -> Windows 10 Update Rings
How would you create a UAT group withing the Windows 10 Update Rings section?
Add a “UAT” tag in Scope(tags)
What protection level for Azure AD Conditional access policies is MFA required when the sign-in risk is medium, or high?
Baseline
Which option “Join to Azure AD as” in Windows Intune in the Create profile blade for user-driven mode would you choose to join a computer to an Active Directory domain?
Hybrid Azure AD Joined
What is the name of the JSON file that is used for the Autopilot profile?
WindowsAutoConfigurationFile.json
Which two options are available in user-driver mode for Windows Autopilot for creating a profile?
Azure AD joined
Hybrid Azure AD joined
What does the “Quality update deferral period (days) setting of the Windows Update do?
Specifies the number of days for Quality updates such as fixes and improvements to Windows are deferred
Yes or No:
The Autopilot profile file named AutopilotConfigurationFile.json must be saved with Unicode or UTF-8 encoding?
No, it must be saved with ANSI or ASCII encoding.
Using Unicode or UTF-8 Encoding will cause Windows 10 OOBE to not follow the Autopilot experience
How many days can you pause a device from receiving Feature Updates?
35 Days
Which mode in Windows Autopilot is used to join a device to an on-premises Active Directory Domain?
User-Driven mode
What protection level for Azure AD conditional access policies is MFA required when the sign-in risk is low, medium, or high?
Sensitive
What type of updates are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time) which include security, critical, and driver updates?
Quality updates
How do you prevent a Windows update from being shown in the “Available Updates” list?
Right-Click the update, and select “Hide Update”
The Autopilot Reset option will not be enabled in Microsoft Intune for which devices?
Devices not on Windows 10 1703 or build 17672
What is the term for the set of solutions for Device Health, Update Compliance, and Upgrade Readiness in the Azure Portal that provide you with extensive data about the state of devices in your deployment?
Windows Analytics
What type of updates are antimalware and antispyware Definition Updates considered to be?
Non-deferrable updates
Yes or No:
Does Upgrade Readiness support on-premises Windows deployments?
No, Upgrade Readiness is build as a cloud service
When joining a Windows device to Azure AD during first run experience (FRX), what choice should you make on the “Who owns this PC?” screen?
Choose “This device belongs to my organization”
Which FUNCTION in Windows Configuration Designer can be used to add a hardware-specific serial number as the computer name?
%SERIAL%
Which delivery optimization mode gets updates from the internet directly from Microsoft but does not contact the delivery optimization cloud services?
Simple download mode with no peering (99)
Which option will allow a Windows 10 Computer to wake when it is time for updates to occur, and is enabled by default?
The “Allow scheduled maintenance to wake up my computer at the scheduled time” Group Policy setting in “Maintenance” section in Action Center
What is the free tool for Azure subscribers that helps you confirm applications and drivers are ready for a Windows 10 upgrade by providing application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness?
Windows Analytics: Upgrade Readiness
If you use Windows Autopilot to join a device to an on-premises Active Directory domain, which method should you specify when creating Autopilot deployment profile?
Hybrid Azure AD
Which command opens Software Center on a Windows 7 domain-joined computer that is upgraded to Windows 10 by using Windows Autopilot?
C:\Windows\CCM\SCClient.exe
What steps should you take to test and verify that your Azure Conditional Access policy behaves as expected before rolling out the policy into production?
Create test users
Create a test plan and configure the policy “Evaluate a simulated sign-in”
Test your policy Cleanup
Which kind of devices can you provision packages for the Windows Configuration Designer?
Desktop Devices
Mobile Devices
HoloLens Devices
Surfaces Hub Devices
Kiosk Devices
What should be contained in the .CSV file that will be imported by Windows AutoPilot?
Serial Numbers
Windows Product IDs
Hardware Hashes
Other optional order ID’s o f the devices
Which delivery optimization mode uses Background Intelligent Transfer Services (BITS) to get updates?
Bypass mode (100)
What are the supported update channels for Windows Update for Business for Windows version 1903 and higher?
Semi-Annual Channel
Windows Insider - Fast
Windows Insider - Slow
Release Windows Insider
Which script file retrieves the Windows AutoPilot deployment details from one or more computers?
Get-WindowsAutoPilotInfo.ps1
Which Group policy configures the daily scheduled time at which Automatic Maintenance starts?
Automatic Maintenance Activation Boundary
Why is the the option to block access with an Azure Conditional Access policy powerful?
Overrides all other assignments for a user
Which delivery optimization mode gets updates from the Internet and from other computers on your network?
HTTP blended with peering behind the same NAT (1)
Which extension is on the file created by the Get-WindowsAutoPilotInfo.ps1 script?
CSV
What is a peer-to-peer client update service that uses PCs, both local PCs ad non-local devices via the Internet, to deliver updated Windows 10 bits to an organization’s networked PCs?
Delivery Optimization
Which authentication method can be an authentication method with Windows Hello for Business can be a set of numbers, buy may include letters or special characters?
PIN
What is a benefit of having a PIN over a password?
Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they’d have to steal your physical device as well
What must you verify in your site before you create an Automatic Deployment Rule (ADR) for the first time?
Verify that the site has completed updates synchornization
What setting ensures that all updates to Windows Store Apps will be downloaded?
The “Updated Apps Automatically” setting in the “Apps updates” section of the Windows store, which is on by default
Which Group Policy allows you to configure the amount of time which Automatic Maintenance will delay starting from its activation boundary?
Automatic Maintenance Random Delay
What protection level for Azure AD conditional access policies is MFA always required?
Baseline
Yes or No:
In the windows OOBE, is joining an on-premises AD domain not supported?
Yes it’s not supported
If you join a PC to an AD domain during setup you should select “Set up Windows with a Local account”
What is the order of the information that should be kept in the .CSV file that will be imported by Windows Autopilot?
Column A: Device Serial Number
Column B: Leave blank
Column C: Hardware Hash
What naming convention would you use to specify computers using the department three-character acronym, followed by a hyphen, and then four numbers, for example, MKT-1234?
MKT-%RAND:4%