Scribd
Upload
45 views33 pages

Top 75 Latest Intune Interview Questions and Answers HTMD Blog

The document provides a comprehensive list of the top 75 latest Intune interview questions and answers, aimed at helping candidates prepare for Intune-related job interviews. It emphasizes the importance of hands-on experience with Intune and encourages candidates to understand concepts rather than just memorize answers. Additionally, it offers insights into Intune's features, benefits, and management processes, along with links to further resources for learning.

Uploaded by

Suresh Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
45 views33 pages

Top 75 Latest Intune Interview Questions and Answers HTMD Blog

The document provides a comprehensive list of the top 75 latest Intune interview questions and answers, aimed at helping candidates prepare for Intune-related job interviews. It emphasizes the importance of hands-on experience with Intune and encourages candidates to understand concepts rather than just memorize answers. Additionally, it offers insights into Intune's features, benefits, and management processes, along with links to further resources for learning.

Uploaded by

Suresh Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 33

3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Get AI benefits for startups


Optimize your cloud costs to extend your
runway with Google Cloud

Google Cloud Startups Apply Now

Top 75 Latest Intune Interview Questions and Answers


Last Updated: July 6, 2023 by Abhinav Rana

Get AI benefits for startups


Optimize your cloud costs to extend your
runway with Google Cloud

Google Cloud Startups Apply Now

Now it’s time to look into the Top 75 Latest Intune Interview Questions. This is my second blog in the
HTMD community post. I have prepared this Intune questionnaire with the help of Deb and Anoop. You
can watch out for HTMD.Training.com videos to learn more about the latest Intune features.

These Intune Interview questions must be treated as Intune FAQs or Frequently Asked Questions. You will
get all the details if you go through the questions and associated links in each question. We have added
the Intune scenario-based questions as well.
AI program for your startup
I have shared the Top 50 latestOptimize
SCCM interview
your cloudquestions and answers
costs to extend post. We have anApply
in thiswith
your runway SCCM Now
Vs. Intune Jobs‘s post in the HTMD
Googlecommunity
Cloud and that post inspired me to share the Intune question

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 1/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

bank with you all to crack Intune interviews.

Intune Hands-on experience is mandatory for all the Job assignments. Again I don’t think you can just
learn these questions and crack the interviews. You must take an Azure subscription and test all these
configurations and settings explained below. If you’re newly registering on Azure, you will get 30 days
trial period where you can explore all the features.

I don’t think you could crack the Intune interview by just learning the interview questions. This is not the
intention of this post or sharing this content with the HTMD community. The interviewer must be trying
to analyze your technical knowledge, problem-solving, and analytical skills with Intune interview
questions.

So don’t try to answer all the questions just like byhearted from a textbook. You would be able to answer
the questions with the relevant experience you have with Intune administration. Most interviewers are not
looking for textbook answers, but concepts are more important.

Free Intune Training Free SCCM Training

The Latest Intune training is carefully designed 37 hours of SCCM Training – latest technical
for self-study – Intune Training Course 2023. content

Top 50 Latest Intune Interview Questions and Answers – Table 1

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 2/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Top 50 Latest Intune Interview Questions and Answers 1

Video Review of Intune Interview Questions

Let’s also check the video review done by Anoop on Intune Interview questions post. This video gives
deep-level details on the Top 75 Intune Interview Questions Intune Frequently Asked Questions – FAQ!

Top 75 Intune Interview Questions Intune Frequently Asked Questions - FAQ - #MSIntune

Video Review of Intune Interview Questions

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 3/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

The first video on Video Review of Intune Interview Questions and Answers. We cover many
scenarios in this video, such as Incident Management, Change Management, and Problem
Management for Microsoft Intune support scenarios.

Intune Interview Questions and Answers | Strategies you must learn

Top 50 Latest Intune Interview Questions and Answers

Top 50 Latest Intune Interview Questions and Answers

Let’s go through the top 50 latest Intune interview questions & answers in the below section of the
post. I hope these questions are helpful. Let us know if you would like to add additional details to each
question’s answers.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 4/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

I don’t think Intune can be an expert in all the device platforms at the same time. Hence concentrate on
one of the platforms during Intune interviews and tell the interviewer honestly about this.

1. What is Microsoft Intune?

Microsoft Intune is the SaaS solution provided by Microsoft. Microsoft Intune is a cloud-based
solution for managing desktop and mobile device management tools.

Microsoft Intune is previously known as Windows Intune. It’s part of Microsoft’s Unified Endpoint
Management (UEM) solution.

This cloud solution is used as a modern management tool. This Mobile Device Management(MDM)
solution can be integrated with SCCM, Azure AD, and Active Directory.

Intune allows people in your organization to use their personal devices through Access to Work or
School. Intune to protect your organizational data and isolate organizational data from personal
data.

2. Who manages Intune Version Upgrades?

Intune is a Software as a Service (aka SaaS) solution. Intune server infrastructure upgrade or
update is Microsoft’s responsibility.

Intune admin doesn’t have to worry about infrastructure setup, version upgrades, etc. Microsoft
engineers manage these.

3. What are the benefits of Using Intune?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 5/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

The tighter integration with the existing Microsoft ecosystem is one of the top benefits of
Intune. There are many advantages of using Intune, and some of the benefits of using Intune are
as follows:

1. Deploy apps and Security policies and more.


2. It helps in checking if apps and devices meet security standards.
3. Control how people access and share data to keep the company’s data safe.
4. It keeps data safe by adhering to the administrator’s device registration and compliance
requirements.
4. Is there any need for server installation for Intune?

Unlike on-prem solutions, no server infrastructure is required for Intune to function. Microsoft
manages all the server infrastructure and architecture since Intune is a SaaS solution.

However, the server infra might be needed to host some additional features, such as NDES
connector, etc., for certificate profile deployment. But again, these are not Intune components.

5. What are the Intune Architecture and Design Decisions?

The answer to this Intune Interview question is going a bit tricky. So be careful before answering
this question. Let me explain how this question can be handled.

Intune has a server and client architecture like most device management solutions. Intune Service
is the server side of the solution. The Client-side has two parts.

1. Windows MDM Client (built-in to OS)


2. Intune Management Extension (IME) agent

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 6/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune (cloud) Architecture and Design decisions are much different from the on-prem device
management solutions like SCCM. Intune architecture and design decisions should be from the
SaaS solution point of view.

1. No need to take any decisions on Intune server placement and architecture for core Intune infra
components. This is already taken care of by Microsoft. They have servers in each region and Azure
Datacenters.

2. Architecture decisions must be taken on network connectivity to Intune services from on-prem
and the internet. For instance – Endpoint devices connecting from on-prem network to cloud,
Admins connecting from On-prem network to Intune services.

Organizations might require a special enrollment network just to enroll the new and existing
devices into Intune management using Windows Autopilot/ADE.

3. Design Decisions must be made on supported enrollment scenarios for the organization. For
example: Whether you want to support Apple ADE, Android Device Admin, or Windows Autopilot
types of enrollments only?

4. Design Decisions on Applications, Policies, Windows Updates, 3rd Party App updates, and
Certificate deployment strategies using Intune. Packaging (MSIX) and repackaging (IntuneWin)
strategies, etc.

5. The content distribution strategies with Delivery Optimization(aka DO) for on-prem and home
network scenarios. Also, define the device management life cycle with Intune.

6. Attaching Intune with existing ecosystems, such as ServiceNow, SCCM, etc., is also a key design
decision. More on this Architecture Decision Making Guide for 2022 or Later.
6. What types of devices can be managed with Intune?

The list of device platforms with Intune support is increasing day by day. The types of device
platforms which can be enrolled are as follows:

1. Windows
2. Android
3. iOS/iPadOS
4. macOS
5. Linux

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 7/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

NOTE! – I don’t think Intune can simultaneously be an expert in all the device platforms. Hence
concentrate on one of the platforms during Intune interviews and tell the interviewer honestly
about this.
7. Where to check the status of Intune service?

The current status of the Intune can be checked from the Intune Tenant Admin– Tenant Status
tab from the Intune admin portal.

8. Where can you check Intune Version Details?

You can check the Intune version details from the Intune(aka Intune admin) portal.

You can login to the Intune Portal-> Tenant Administration -> check for the Service Release
number.

The Intune version or Service Release number is in YYMM format. The latest version while writing
this post is 2207.

9. What is Device Enrollment in Intune context?

Device enrollment is joining workstations and mobile devices to the company’s MDM solution,
like Intune.

There are different kinds of enrollment processes. For each device platform, the device enrollment
process is different. The configuration and user experience for each enrollment process would be
different.

An MDM certificate is issued to the device during the enrollment process. This certificate is used
to communicate with the Intune service.

10. Can we manage Server Operating System with Intune?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 8/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

No, Intune is an endpoint device management solution and not designed for server
management. I don’t see the server support coming soon to Intune.

But Intune supports the VDI workloads hosted on operating systems Windows 10/11 multi-session
(almost similar to server OS).
11. What are the options to onboard users and devices to Intune?

Again this is another one of the tricky Intune Interview questions because the question itself is not
clear. Don’t hesitate to ask for clarifications if needed.

You can talk about User onboarding prerequisites such as:

1. User must have Azure AD identity.


2. User must have Intune Licenses (Azure AD P1 – for Conditional Access)

Also, answer the Device onboarding to Intune question with the following answers:

1. Co-Management of Windows Devices is one of the options for existing onboard devices to
Intune.
2. Windows Autopilot is another option to onboard devices to Intune.
3. Automatic Enrollment is another onboarding process for Windows Azure AD Joined Devices.
4. Intune Group Policy Enrollment is another option to onboard Hybrid AD joined devices to
Intune.
5. Apple and Android devices can be enrolled using different methods supported by both Apple
and Android respectively. Personal device enrollment is different from that of company-owned
devices.

12. Does Intune admin have an option to go back to the previous version?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 9/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

I don’t think SaaS solutions work this way. You must use the current production version /portal.
There is NO option to go back to the previous version of the Microsoft Intune service.

So the answer is no, going back once you receive the latest version of Intune. This applies to
Intune portal as well.
13. How do the User, Device, and Group Discoveries work in Intune?

Again for SaaS solutions like Intune, the discovery of Users, Devices, and Groups doesn’t matter.
This is because the solution itself is tightly integrated with Azure AD devices, User identities, and
Groups.

1. Intune doesn’t have its own user and group objects, but it directly leverages or uses Azure AD
users and Groups.

2. Intune uses the device identity also from Azure AD, but Intune service holds its own device
objects but is tightly linked with Azure AD device objects.

14. What are the concepts of collections and groups in Intune?

There is nothing called Intune collections, unlike SCCM collections. There are no separate group
objects available for Intune. Intune leverages Azure AD Groups (User and Device). There were
dedicated Intune Groups during the Intune Silverlight portal timeframe.

But there is a concept related to the collection in Intune, and that is called Intune Filtering Rules.
This is similar to the collection concept in SCCM. Intune filtering rules can filter devices from
application or policy assignments.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 10/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Other deployment options are using Azure AD Groups as follows:

a) Assigned/Static User AAD Groups


b) Assigned/Static Device AAD Groups
c) Dynamic User AAD Groups
d) Dynamic Device AAD Groups
15. What is Windows Auto Enrollment?

You can configure a policy in Intune to automatically enroll the Windows devices into Intune
management when they join or register with Azure Active Directory.

This is a common solution/service Azure AD provides for all MDM providers (Intune, Airwatch,
etc.). The auto-enrollment helps to manage enterprise data on your employees’ Windows devices.

16. What is Windows Autopilot? Is it a Replacement for SCCM OSD?

Windows Autopilot is a server that Microsoft provides as part of the Endpoint Manager solution
to simplify the Windows Out of Box Experience (OOBE).

Windows Autopilot is not the service that provides OS deployment solutions. This service cannot
deploy any operating system to Windows devices.

Autopilot works on top of a new operating system installed on a device to simplify the first login
user experience (OOBE). But you must have a different solution to rebuild the Operating System
of devices etc.

17. How to Onboard Devices into Windows Autopilot?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 11/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

There are three different ways to onboard devices into Windows Autopilot as follows:

1. Upload the Device Hash and Assign the Deployment Profile.


2. Ask vendors to upload the new devices to Autopilot services as part of the purchase process.
3. Use Convert all targeted devices to Autopilot option if the devices are already Intune.

The next time registered devices go through the Windows Out of Box Experience (OOBE), they will
go through the assigned Autopilot scenario.
18. Where can you Check the Windows Autopilot Sync status with Intune Service?

You must log in to the Intune Admin (Intune) portal and navigate to:

1. Devices ->Enroll Devices -> Windows Enrollment


2. Under the section called “Windows Autopilot Deployment Program” -> click on Devices to
check the Sync status of Windows Autopilot and MS Intune!

The last sync request and the Last successful sync are the two timelines that can give you the
details of the sync. You also can initiate a manual sync between Intune and Autopilot Service.

19. Where can you check the SCCM and Intune Sync? Cloud Attach Status?

SCCM Cloud Attach is the feature that helps to Sync SCCM devices with Intune so that Helpdesk
and other teams can manage devices from the Intune portal.

You can also perform remote actions for SCCM clients from Intune portal. You can follow the steps
to check the SCCM Cloud Attach Sync status with Intune:

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 12/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

1. Log in to the Intune Admin Center -> Navigate to Tenant Administration


2. Click on the tab – Connectors and Tokens -> click on Microsoft Endpoint Configuration
Manager

This is where you can check the SCCM and Intune sync: The connection status – Healthy and Last
successful sync time along with the following details such as Name of SCCM Server, Site code,
Site full version, Site mode, and Support ID.
20. SCCM Cloud Attach sync SCCM DB with Intune?

The “SCCM Cloud attach” is an on-demand connected architecture. No, Microsoft is not
replicating the entire SCCM DB to Intune service!!

21. What are the Remote Assistance options available for Intune Managed
devices?

Some Remote Assistance options are available within the Intune Admin center portal. The
Microsoft solution to remote assistance is called Remote Help. This comes with tight integration
with Intune and Azure AD, etc.

Remote Help is not part of Intune service or Intune license, but there is an additional licensing
requirement for the Remote Help solution.

TeamViewer is another remote assistance solution integrated into the Intune portal. There is an
additional license required for this remote assistance solution as well.

22. Which is the Recommended method to create Intune Policies?

This is another one of the tricky Intune Interview Questions because the real answer is “it depends.”
In Intune, there are different methods to create policies.

The Security focused policies must be created from the Endpoint Security page, and you can
create + manage different security policies such as Defender Antivirus, Encryption, Firewall, etc.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 13/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune policies must be created using the Settings Catalog workflow for all the different device
platforms, such as Windows, iOS/iPadOS, and macOS.
23. Explain the patching mechanism in Intune.

Intune patching is entirely based on Windows Update for Business (WUfB) mechanism. You don’t
need WSUS server infra for Intune patching to work. Patching with Intune is straightforward and
less complex than patching with SCCM.

You don’t need to choose and create monthly patch packages in Intune. You just need to create
feature and quality updates policies. There is an option to create expedited patch deployment
policies using the “Quality updates for Windows 10 and later” option.

These policies help the clients to contact the WUfB service in the cloud and perform the patching
process. From the client side, the patching process is handled by the WUA agent.

24. What is a Windows Autopatch patching mechanism? How is it different from


the normal WUfB patching method?

Windows Autopatch is a new service that Microsoft introduced to make IT admin’s life much easier.
Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for
enterprise, Microsoft Edge, and Microsoft Teams updates.

Windows Autopatch license is not included as part of Intune licenses. So, you need to purchase
additional licenses if you don’t have appropriate licenses. Windows Autopatch automatically
manages different rings as follows:

1. Modern Workplace Devices – Test


2. Modern Workplace Devices – First
3. Modern Workplace Devices – Fast
4. Modern Workplace Devices – Broad

25. What is the third-party application patching solution for Intune?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 14/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune 3rd party patching is coming soon from Microsoft. But this needs an additional license. It’s
not part of Intune basic license. SCCM has a native but very basic third-party patching solution.

But there are 3rd party application vendors such as PatchMyPC and ManageEngine that can help
to get all the 3rd party patches to Intune portal in an automated fashion.
26. What are Intune App Protection or DLP Policies?

DLP or App protection policies are directly linked with Mobile Application Management (MAM)
solutions. This is the solution to manage only the corporate applications instead of managing the
device.

App protection policies are guidelines that ensure an organization’s data is kept safe and
controlled within a managed app without managing the device using Intune. The Intune App
protection policies are mainly used for iOS and Android device platforms.

The Intune App Protection Policy can be a set of behaviors that are restricted or monitored. This
policy also can help prevent data leaks from corp apps to personal apps.

27. Can Intune protect Enterprise App Data without managing the device itself?

Yes, Intune can protect enterprise app data using Intune App protection or DLP or MAM policies.
To enable Intune App protection policy for a particular application, you need to wrap the app with
Intune App SDK.

There are 100s of vendors that have already enabled Intune App Protection policies with their
apps in the Google, and Apple Play stores. Some examples are MS Office Apps, Adobe Acrobat,
etc.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 15/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune App Protection Policies can manage and protect apps(MAM Enabled) and data without
enrolling iOS, Android, or Windows devices into MDM Enrollment.
28. Can you assign Intune App Protection Policies to Azure AD Device Groups?

You can assign Intune App Protection policies to Azure AD Device Groups. But it’s not advisable to
deploy an app protection policy to the device group. The Intune App protection Policies should be
deployed to Azure AD User groups.

The idea behind the Intune App protection policies is to “just” manage enterprise apps and data
without managing the end-user devices. In that scenario, there is no point in deploying these
policies to Azure AD Device groups.

29. Is it Mandatory to enroll devices to use MAM or Intune App Protection


Policies?

No, enrolling the device into Intune for deploying MAM or Intune app protection policies is not
mandatory. These types of policies can be assigned to users and work without device enrollment.

30. Can you automatically migrate AD Group Policies to Intune Cloud Policies, and
How do you?

Yes, you can migrate supported AD Group Policies to Intune Cloud Policies. Microsoft added a
feature called Group Policy Analytics to migrate on-prem group policies to Intune Settings
Catalog policies.

Use Group Policy analytics to analyze your on-prem GPOs and determine your level of modern
management support. Click “Import” to begin the analysis and “Migrate” when ready to move
your settings to modern management.

1. Export GPOs into XML


2. Import Group Policy XML to Intune
3. Analyse the policies to determine whether these GPOs are MDM compatible or not
4. Migrate GPOs to Intune Settings Catalog policies

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 16/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

31. How to check Intune Policies on a particular device?

This is one of the tricky Intune Interview questions (again). You need to be careful how you answer
these types of questions. The interviewer might want to know your analytical skill or problem-
solving skills. My answer would be as follows:

There are different ways to check the Intune policy status. The Intune Portal Troubleshooting
Blade is one of the first places I go and check to understand the end-to-end scenario of a user!

Windows Devices

1. I always start with Intune Policy Deployment Status (Device and user check-in status) to confirm
whether the status shows successful or not.
2. Collect Diagnostics Logs from Intune Portal for a particular device.
3. Check the event logs from collected logs -> Event Logs – Microsoft->Windows-
>DeviceManagement-> Enterprise-Diagnostics-Provider/Admin
4. Look for Event ID = 814 and Windows CSP Policy Name
5. Check the registry on the device and look for User and Device policies.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\

Android, macOS, and iOS/iPad OS devices

You need to follow the first step (Deployment Status) for all the following device platforms
Android, macOS, and iOS/iPad OS devices. The next step is to collect logs from the Company
Portal application and analyze them.

32. How many application deployment types do Intune Support?

Intune keeps on adding support to new app deployment types every now and then. Again, the
interviewer must be trying to analyze your knowledge with Intune interview questions.

Do not answer the questions just like you byhearted them from somewhere. With the Intune admin
experience, you should be able to recollect the main app deployment types such as MSI, MSIX,
https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 17/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

APPX, IntuneWin, etc.

Supported Intune ApplicationDeployment Types:

1. Store App
a) Android Store App
b) Microsoft Store App
c) iOS Store App
d) Managed Google Play App
2. Microsoft 365 Apps
a) Windows 10 and Later
b) macOS
3. Microsoft Edge, version 77 and later
a) Windows 10 and Later
b) macOS
4. Microsoft Defender for Endpoint
a) Windows 10 and Later
b) macOS
3. Other Options
a) Web link
b) Built-in app
c) Line of the Business app (.MSI, .MSIX, .APPX, APK, IPA, .PKG, .intuneMac, etc.)
d) Windows app (IntuneWin – Win32)
e) macOS app (.DMG, .APP)
f) Android Enterprise System App
33. What are the various options for Troubleshooting Intune managed
Applications?

You can get the three types of statuses from the Intune admin center portal. You get the error
details from the Failed status screen. You can check Intune App Deployment reports to get more
details on deployment errors.

Depending on the Intune Application Deployment type and platform, you need to adopt different
methods to troubleshoot issues. For Windows devices, you can check the IME logs (IntuneWin
scenarios). For other platforms, you need to check the respective log files and company portal data
collection method to troubleshoot further.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 18/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

a) Failed
b) Successful
c) Excluded

The details of Intune managed application deployment that Failed to install on a device are as
follows:

1. Application Created – Time Stamp


2. Application Updated – Time Stamp
3. An application attempted to Install – Time Stamp
4. App installation failed – This section gives error code details, and this is helpful for
troubleshooting.
5. Device last check-in time checked – Time Stamp

The details of Intune managed application deployment is Excluded from a device, which is why the
device is not getting the deployment.
34. Where to find Windows 10/11 Intune Event Logs?

Here is the location of MDM Event Logs – Microsoft->Windows->DeviceManagement->


Enterprise-Diagnostics-Provider/Admin

35. Where does the Intune Diagnostic report or log store?

This is one of the other tricky Intune Interview questions again! Two options exist to collect Intune
Diagnostic reports from the Windows device side. You can also collect directly (manually) from
Windows Device or use the Collect Diagnostic option from the Intune admin center portal.

Don’t hesitate to answer in detail on two of the scenarios. These logs will be stored in different
places in those scenarios.

1. Manual Method – Windows Device Side ->Intune Diagnostic logs/reports get stored at the
following default location: C:\Users\Public\Documents\MDMDiagnostics

2. Intune Admin Center (Intune Portal) ->Devices –>Select Windows platform -> Select the
device from the list to collect diagnostics from the action menu. You can download it from the
Device Diagnostics tab of that particular device.

36. What is Intune Management Extension (IME)? Why do you need this service?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 19/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune Management Extension (IME) is an additional Intune agent deployed to all Intune
Managed Windows devices. Intune uses the native MDM agent available with Windows 10/11/12
client operating system.

The Windows client MDM agent has limited capabilities to deploy applications and PowerShell
scripts or perform advanced device management functionalities. Hence Microsoft Intune created
an additional Intune agent, and that is called IME.

IME agent is self-managed by Microsoft, and Intune admins don’t have any control over IME
agent updates, health checks, etc.
37. Where are Intune Management Extension (IME) logs from Windows Stored?

You can collect all the Intune related log files, including event logs using Intune Diagnostics
method. But if you are interested only in collecting Intune Management Extension (IME) logs, you
can check the following path.

IME logs folder contains all the logs related to Intune Management Extension processes. For
example, PowerShell script, Remediation script, IntuneWin (Intune Win32 app) deployment, etc.

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

All the Intune management logs can be collected from the settings -> Accounts -> Access
School or Work -> then click on Export your management log files.

38. Are you familiar with AgentExcutor.log, and What is it used for?

The AgentExcutor.log helps troubleshoot the PowerShell script and Proactive Remediation
script deployments to Windows 11 or Windows 10 PCs.

This log is part of the IME log folder located at


C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

39. What Kind of Information ClientHealth.log Stores?


https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 20/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

The ClientHealth.log records all the health and remediation actions related to Intune
Management Extension agent on Windows 11 or Windows 10 clients.

This log is part of the IME log folder located at


C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
40. Explain the Windows MDM Diagnostics Tool. What is it used for?

MDM diagnostic is a command-line tool that collects all MDM and Windows Autopilot related
logs and events from the Windows client operating system. Most Windows Autopilot-related
events, registries, and logs are consolidated into a single folder or single file.

MdmDiagnosticsTool.exe

41. What does Registry Dump hold in the Window Autopilot Troubleshooting
world?

MdmDiagReport_RegistryDump.reg captures the HKLM and HKCU registry values associated


with autopilot device provisioning. These details are captured via MdmDiagnosticsTool.exe.

Autopilot related values are written to


HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot

42. How does Intune give users a self-service experience?

There are different options to empower end-users and provide a self-service experience for them.
To provide users with a self-service experience, one can design a company portal app for any
device type.

The following are some of the self-service portals available for end-users. Hopefully, Microsoft
will soon be able to combine all of these together into a single portal experience.

1. Company Portal App


2. MyApps.Microsoft.com portal

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 21/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

3. https://www.office.com/apps
4. https://myapplications.microsoft.com/
43. What are the Patch Reporting options in Intune?

There are many default reports available in Intune, and this gives a high-level overview of
patching. You can check out the default Intune reports from the Reports node in the Intune portal
and navigate to the Windows updates tab.

You must set up Update Compliance to have detailed reporting on Windows patch compliance.
The Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data.

The Update Compliance service provides users with a holistic view of Windows 10 or Windows
11 update compliance, update deployment, and failure troubleshooting.

44. How to Sync Intune Service or Server Side Logs to Azure Log Analytics
Workspace?

You can sync Intune Service or Server side logs to Azure Log Analytics Workspace using Intune
Diagnostics settings. These diagnostic settings are used to configure and export Intune platform
logs and metrics to the Azure log analytics workspace.

You can create a maximum of 5 different diagnostics settings to send various logs and metrics to
independent destinations.

45. How will Intune KQL Queries be useful for Admins?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 22/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

You can use the KQL query to get a deep-level view of Intune device management using Azure
Log Analytics. This also helps to troubleshoot all the Intune device management issues.

The following is one of the Sample KQL queries to find Hybrid Vs. Azure AD details of your device
estate.

IntuneDevices | where JoinType == ‘Hybrid Azure AD joined’ | summarize


OperationCount=count() by JoinType

You can also use KQL queries to check and find Dell or HP Devices from Intune Platform
Logs using KQL queries. The table you need to check to find Dell or HP manufactured devices data
is IntuneDevices.
46. What is the Maximum Size supported for Intune Win32 App using the
IntuneWin format?

8 GB is the maximum supported size of the Win32 App application. However, you can raise a
service request to increase the supported size of the application if there is any business
requirement for the same.

47. How to manage the Intune Policy Conflicts?

Some types of Intune policy conflicts are automatically fixed using the Intune service side logic
(such as precedence) to avoid conflicts. Some other types of policy conflict require the admin’s
manual intervention.

Automatic Resolution of Policy Conflict Example – Compliance policy settings always have
precedence over configuration profile settings.

Same Intune policy configurations can be deployed from different places in the Intune admin
portal. If you configure the same policies with different values, Intune service is going to raise a
policy conflict alert. Admin needs to edit the policy and fix the conflict manually.

48. Why do you want to use Intune Filtering Rules rather than Azure AD Group?

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 23/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Again this is one of the other Intune Interview Questions. You still need Azure AD groups to target
some scenarios. The Azure AD dynamic groups update mechanism is not robust as Intune admins
want.

The SLA for Azure AD Dynamic group update is 24 hours, which is also a concerning point for
Intune admins. Hence many admins are trying to assign apps and policies to all users or all devices
and manage the deployment login with Include or Exclude Filter Rules.

Intune Filtering rules sit with Intune service layer so that it can act much faster than Azure AD
dynamic groups assignment logic.
49. How to Enhance the Security Poster of Intune Managed Devices?

There are different options to enhance the security poster of Intune-managed devices. One of the
options is to have stronger Azure AD Conditional Access Policies.

The other security enhancement is to look into Intune Compliance Policy options. This is to help
to protect company data; the organization needs to make sure that the devices used to access
company apps and data comply with certain rules.

Some of the Compliance Rules follow:

1. Encryption of Disks
2. Complex PIN
3. Latest Windows Update Patches

50. What options are for deploying the Internal PKI Certificate to Intune Managed
Devices?

Intune supports two different certificate deployment protocols. If you want to use deploy PKI
certs to Intune-managed devices, you need to have NDES servers installed on-prem Data Center.

The following are two options for delivering certificates via Intune:

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 24/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

1. SCEP Protocol – > Simple Certificate Enrollment Protocol (SCEP) is an Internet Engineering Task
Force (IETF) protocol and is a very popular and widely used certificate enrollment protocol.

2. PKCS Protocol – PKCS stands for “Public Key Cryptography Standards.” These are a group of
public-key cryptography standards devised and published by RSA Security.
51. What do you do if an Intune app package upload is taking time from Intune
portal?

I will check whether the internet connection is stable and whether the proxy is causing some issues.
Also, check whether there is a global issue with Intune service. More details on troubleshooting.

You also need to check and try PowerShell commands lets to upload bigger packages. In my
experience, it gives better results.

52. What will you do if the Intune policy is not getting applied to managed
Devices?

The same answer as above. You will need to check the log files from the client’s side and the event
logs. Again, we have discussed event logs and IME logs in the above Intune FAQ.

You can check more details on Intune troubleshooting from the YouTube video. Don’t forget to
check the Intune portal reports.

53. How to Fix Intune Policy Conflict Issues?

In my experience, there could be many scenarios where you will get into Intune policy conflicts.
Some of the conflicts are fixed from the server side itself using the default conflict logic in Intune.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 25/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

The other parts of the conflicts need to fix manually by checking the reports from Intune admin
center portal. Normally, Intune admin center will tell you which policies are getting conflict.

So, you need to remove the conflicting settings from the policies or exclude some of the devices
or users from specific policies if those are assigned by mistake.

Intune Settings Catalog Decoded | Security Policy Conflicts Precedence | User Device Scopes. You
can get more details from YouTube Video – https://youtu.be/S6udsxa4fs0.
Tips and Tricks to Crack Intune Interview

Let’s see some of the Tips and Tricks to Crack Intune interviews using Intune Interview Questions and
Answers. In the enterprise world, you always need to test your solutions in pre-production or staging
environments first with fewer users.

There should be a ring approach to all the deployments such as application, patch, Autopilot, etc. I
recommend starting with a small set of users first, and then everything is ok; then you can proceed with
ring-wise production rollout. Only Intune Interview Questions and Answers will not help you get an Intune
job.

Understanding change management and incident management processes is important for those
attending Intune interviews. Just learning Intune Interview Questions and Answers alone will not help you.

Change Management Process


Incident Management Process
Deployment approach
Test/Development
UAT
Production

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 26/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Top 50 Latest Intune Interview Questions and Answers 2

Author

Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge.
He is a BTech graduate in Information Technology.

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 27/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Intune

5 thoughts on “Top 75 Latest Intune Interview Questions and Answers”

Anonymous
September 25, 2022 at 4:20 am

Thank you do much for sharing your hard earned experience. It really helped me to bit more
confident in attending intune interview with basic work experience in intune. Thank you once
again.

Reply

Meena
December 11, 2022 at 11:13 pm

Thank you..

Reply

Nithin YR
January 12, 2023 at 9:40 am

one of the best articles on Intune interview preparation as well as learning the Intune concepts.
https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 28/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Thanks Abhinav! more power to you!

Reply

Ram Prasad
April 27, 2023 at 4:26 pm

Thank you very much for sharing wonderful information.

Reply

Dinesh
October 20, 2023 at 12:11 pm

I’m grateful that you shared. Your contribution is valued.

Reply

Leave a Comment

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 29/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

Name *

Email *

Website

Post Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search..... Search

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 30/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 31/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 32/33
3/3/24, 6:50 PM Top 75 Latest Intune Interview Questions And Answers HTMD Blog

2024 How to Manage Devices ©

https://www.anoopcnair.com/top-50-intune-interview-questions-answers-faqs/ 33/33

You might also like