
Essential Intune Interview Questions to Ace Your Next Tech Interview - Part 3

1. Explain the policies for device preparation and how to set them up in Intune


Answer:   Device preparation policies in Intune are used during Windows Autopilot provisioning to ensure that devices are properly prepared before deployment. They define tasks such as installing required apps, applying configuration profiles, and enforcing compliance before the user can access the device.

Configuration Steps:

  • Go to Intune Admin Center > Devices > Windows > Windows enrollment > Deployment Profiles.

  • Create a new Device Preparation Policy.

  • Configure tasks like app installation, script execution, and compliance checks.

  • Assign the policy to device groups.


2. Describe deployment profiles and types


Answer:   Deployment profiles in Intune define how devices are enrolled and configured during Autopilot.

Types:

  • User-driven mode: End-user sets up the device with corporate branding and policies.

  • Self-deploying mode: Zero-touch setup for kiosks/shared devices.

  • Pre-provisioned deployment (White Glove): IT pre-configures devices before handing them to users.

  • Hybrid Azure AD Join: Devices join on-prem AD and Azure AD simultaneously.


3. What is the enrollment status page, and why is it necessary? Is it required or optional?


Answer:   The Enrollment Status Page (ESP) shows progress during device setup (apps, policies, scripts). It ensures devices are fully configured before users can access them.

  • Needed for: Blocking access until compliance is met.

  • Mandatory? No, it’s optional, but highly recommended for enterprise deployments.


4. Explain what the Intune connector for Active Directory is and how to set it up in Intune


Answer:   The Intune Connector for Active Directory allows Hybrid Autopilot deployments by syncing device identities between on-prem AD and Azure AD.

Configuration Steps:

  • Install the Intune Connector on a domain-joined server.

  • Register the connector in Intune Admin Center.

  • Configure Hybrid Autopilot profiles to use the connector.


5. Explain Windows Autopilot and its backend operations


Answer:   Windows Autopilot is a cloud-based provisioning technology that automates device setup.

Backend Functionality:

  • Device ID (hardware hash) is registered in Intune.

  • During OOBE, device contacts Autopilot service.

  • Intune applies deployment profile, policies, and apps.

  • Device joins Azure AD or Hybrid AD.


6. What is an Apple MDM Push Certificate? A Step-by-Step Guide to Configuring It


Answer:   Apple MDM Push Certificate allows Intune to manage iOS/iPadOS/macOS devices.

Steps:

  1. In Intune Admin Center, go to Devices > iOS/iPadOS > iOS enrollment > Apple MDM Push certificate.

  2. Download CSR file.

  3. Go to Apple Push Certificates Portal.

  4. Upload CSR, download certificate.

  5. Upload certificate back to Intune.

  6. Renew annually.


7. Specify the enrollment type for Apple devices in Intune


Answer:

  • Automated Device Enrollment (ADE): Zero-touch via Apple Business Manager.

  • Device Enrollment: Manual enrollment by users.

  • User Enrollment: BYOD scenario with limited management.

  • Apple Configurator Enrollment: For devices not in ABM.


8. Explain device limit restrictions in Intune, their necessity, and configuration process


Answer:   Device limit restrictions control how many devices a user can enroll.

Why needed: Prevent abuse, ensure licensing compliance.

Configuration:

  • Go to Intune Admin Center > Devices > Enrollment restrictions.

  • Set maximum device limit per user.


9. Explain zero-touch enrollment in Intune and describe its setup process


Answer:   Zero-touch enrollment means devices are automatically enrolled without IT or user intervention.

Setup:

  • Register devices in Autopilot (Windows) or Apple Business Manager (iOS/macOS).

  • Assign deployment profiles.

  • Devices automatically enroll during OOBE.


10. Explain BYOD in Intune. How can BYOD devices be set up and why is it necessary?


Answer:   BYOD (Bring Your Own Device) allows employees to enroll personal devices.

Configuration:

  • Enable User Enrollment (Apple) or Work Profile (Android).

  • Apply compliance and app protection policies.

Why needed: Secure corporate data on personal devices without full control.


11. Explain what a device enrollment manager is and how to set it up in Intune


Answer:   Device Enrollment Manager (DEM) is a special account that can enroll up to 1,000 devices.

Configuration:

  • Create DEM account in Azure AD.

  • Assign DEM role in Intune.

  • Use DEM credentials during enrollment.


12. Specify corporate device identifiers in Intune


Answer:   Corporate device identifiers are IMEI/serial numbers uploaded to Intune to mark devices as corporate-owned.

Configuration:

  • Go to Intune Admin Center > Devices > Corporate device identifiers.

  • Upload CSV with identifiers.
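
A mistyped or duplicated identifier means a device is not marked as corporate-owned, so it is worth checking the file before upload. The following is an added example, not part of the original article or of Intune itself; the file layout (no header row, identifier in the first column, optional details in the second) and the letters-and-digits rule for serial numbers are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

def luhn_ok(digits):
    """True when the last digit is a valid Luhn check digit, as in an IMEI."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate_identifiers(csv_text, kind):
    """Return (accepted, problems); kind is "imei" or "serial"."""
    accepted, problems, seen = [], [], set()
    for line_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row or not row[0].strip():
            continue                              # skip blank lines
        ident = row[0].strip().upper()
        if kind == "imei":
            ok = bool(re.fullmatch(r"[0-9]{15}", ident)) and luhn_ok(ident)
            why = "not a 15-digit IMEI with a valid check digit"
        else:
            # Assumption for this example: serials are plain letters and digits.
            ok = bool(re.fullmatch(r"[A-Z0-9]+", ident))
            why = "serial contains characters other than letters and digits"
        if not ok:
            problems.append((line_no, ident, why))
        elif ident in seen:
            problems.append((line_no, ident, "duplicate of an earlier row"))
        else:
            seen.add(ident)
            accepted.append(ident)
    return accepted, problems

# Constructed sample file: one valid IMEI, one with a wrong check digit,
# a duplicate, and a header row left in by mistake.
SAMPLE_CSV = """490154203237518,Field tablet 01
490154203237519,Field tablet 02
490154203237518,Field tablet 01 (re-entered)
imei,details
"""
accepted, problems = validate_identifiers(SAMPLE_CSV, "imei")
print(accepted, *problems, sep="\n")
```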


13. Explain what app selective wipe is and how to set it up in Intune


Answer:   Selective wipe removes corporate data from apps without affecting personal data.

Configuration:

  • Create App Protection Policy.

  • Enable Selective Wipe option.

  • Trigger wipe when user leaves org or device is non-compliant.


14. Explain what configuration profiles are and their importance in Intune. How do you set them up, and can you provide an example?


Answer:   Configuration profiles apply settings like Wi-Fi, VPN, restrictions.

Why needed: Standardize device settings.

Configuration:

  • Go to Devices > Configuration profiles > Create profile.

  • Choose platform and profile type.

Example: Wi-Fi profile with SSID and password for corporate network.


15. Where can we check if any Intune admin has made changes in Intune?


Answer:   You can track admin changes via Audit Logs in Intune Admin Center.


16. What are audit logs? What purpose do they serve and how can they be beneficial?


Answer:   Audit logs record all admin actions in Intune.

Use:

  • Track changes for compliance.

  • Troubleshoot misconfigurations.

  • Provide accountability in enterprise environments.
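
To show how audit logs support accountability in practice, here is an added example (not part of the original article) that triages exported audit records and flags delete operations, actors outside an approved admin list, and off-hours changes. The field names follow the Microsoft Graph `auditEvent` resource; the sample records, the admin allowlist and the working-hours window are constructed assumptions.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample export; field names follow the Microsoft Graph auditEvent
# resource, all values (accounts, policy names, times) are made up.
SAMPLE_EVENTS = json.loads("""[
 {"activityDateTime": "2024-05-02T09:14:00Z", "activityOperationType": "Patch",
  "actor": {"userPrincipalName": "admin1@contoso.example"},
  "activityType": "Patch DeviceCompliancePolicy", "resources": [{"displayName": "Windows baseline"}]},
 {"activityDateTime": "2024-05-02T10:30:00Z", "activityOperationType": "Delete",
  "actor": {"userPrincipalName": "admin2@contoso.example"},
  "activityType": "Delete DeviceConfiguration", "resources": [{"displayName": "Corp Wi-Fi profile"}]},
 {"activityDateTime": "2024-05-02T23:41:00Z", "activityOperationType": "Create",
  "actor": {"userPrincipalName": "helpdesk7@contoso.example"},
  "activityType": "Create DeviceEnrollmentConfiguration", "resources": [{"displayName": "Device limit 15"}]},
 {"activityDateTime": "2024-05-03T02:05:00Z", "activityOperationType": "Patch",
  "actor": {"userPrincipalName": "admin1@contoso.example"},
  "activityType": "Patch DeviceCompliancePolicy", "resources": [{"displayName": "Windows baseline"}]}
]""")

def triage(events, known_admins, work_hours=range(7, 19)):
    """Return events worth a second look, each with the reasons it was flagged."""
    findings = []
    for ev in events:
        actor = ((ev.get("actor") or {}).get("userPrincipalName") or "unknown").lower()
        when = datetime.fromisoformat(ev["activityDateTime"].replace("Z", "+00:00"))
        reasons = []
        if actor not in known_admins:
            reasons.append("actor not on admin list")
        if ev.get("activityOperationType") == "Delete":
            reasons.append("delete operation")
        if when.hour not in work_hours:
            reasons.append("outside working hours (UTC)")
        if reasons:
            targets = [r.get("displayName") for r in ev.get("resources") or []]
            findings.append({"when": when.isoformat(), "actor": actor,
                             "activity": ev.get("activityType"),
                             "targets": targets, "reasons": reasons})
    return findings

def changes_per_actor(events):
    """Count recorded actions per admin, for the accountability view."""
    return Counter((ev.get("actor") or {}).get("userPrincipalName", "unknown") for ev in events)

ADMINS = {"admin1@contoso.example", "admin2@contoso.example"}  # hypothetical allowlist
for finding in triage(SAMPLE_EVENTS, ADMINS):
    print(finding["when"], finding["actor"], finding["activity"], finding["reasons"])
```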

 
 
 


Disclaimer: The above content is created at Tek-Doyen's sole discretion. Razorpay shall not be liable for any content provided here and shall not be responsible for any claims and liability that may arise due to merchant’s non-adherence to it.
