1. What is Microsoft Intune?
Answer:
Microsoft Intune is a cloud-based endpoint management solution that helps organizations manage and secure devices and apps. It enables MDM (Mobile Device Management) and MAM (Mobile Application Management) through Microsoft Endpoint Manager.
2. How does Intune integrate with Azure Active Directory?
Answer:
Intune integrates with Azure AD to control who has access and what they can access. Devices and users are authenticated through Azure AD, enabling Conditional Access, compliance policies, and group-based targeting.
3. What are the key components of Intune?
Answer:
Device compliance and configuration
App deployment and protection
Endpoint security policies
Integration with Azure AD and Microsoft Defender
Reporting and monitoring
4. What's the difference between Intune and SCCM?
Answer:
SCCM is an on-premises management solution, while Intune is cloud-based. Intune is best for mobile/cloud-first environments, whereas SCCM is ideal for managing on-premises infrastructure. Both can be co-managed.
5. What types of devices can Intune manage?
Answer:
Windows 10/11
macOS
iOS/iPadOS
Android
6. What are MDM and MAM in Intune?
Answer:
MDM (Mobile Device Management): Manages the full device.
MAM (Mobile Application Management): Manages corporate data at the app level, often used in BYOD scenarios.
7. How does Intune support BYOD?
Answer:
BYOD users can enroll their personal devices via MAM without enrolling the full device, allowing IT to protect corporate data without controlling the device.
8. What is Conditional Access in Intune?
Answer:
Conditional Access enforces policies based on conditions like user location, device compliance, or app used. Intune provides device compliance data that feeds into Conditional Access decisions in Azure AD.
9. What is the Company Portal app?
Answer:
It’s the app that users install to enroll their devices into Intune. It allows access to company resources, displays apps available to install, and enforces policies.
10. What license is needed for Intune?
Answer:
Microsoft Intune is included in:
Microsoft 365 E3/E5
Enterprise Mobility + Security (EMS) E3/E5
It can also be purchased as a standalone license.
11. How do you enroll a Windows 10/11 device into Intune?
Answer:
Via automatic enrollment (linked with Azure AD), manual enrollment through Settings > Accounts > Access work or school, or Autopilot provisioning.
12. How are Android and iOS devices enrolled in Intune?
Answer:
Android: Using Android Enterprise (Work Profile or Fully Managed)
iOS: Via Apple MDM push certificate, Apple Business Manager (for supervised devices)
13. What is automatic enrollment in Intune?
Answer:
A process where Windows devices are auto-enrolled into Intune upon Azure AD Join or Hybrid Azure AD Join, configured via Group Policy or MDM settings.
14. Difference between user-driven and IT-driven enrollment?
Answer:
User-driven: The end user initiates enrollment (common for BYOD).
IT-driven: Admins pre-configure enrollment (Autopilot, Apple DEP).
15. What is Windows Autopilot?
Answer:
A provisioning tool that automates device setup from out-of-the-box to fully managed with policies and apps, eliminating the need for imaging.
16. How do you assign a configuration profile to a device?
Answer:
Create a profile in Intune > Assign to a device/user group > Devices will receive the profile upon check-in.
17. How do you retire or wipe a device in Intune?
Answer:
Go to Devices > Select the device > Choose Wipe (factory reset) or Retire (removes company data only).
18. What are compliance policies in Intune?
Answer:
Policies that define rules a device must meet (e.g., password, encryption) to be marked as compliant. Non-compliant devices can be blocked via Conditional Access.
19. How do you monitor compliance status?
Answer:
Intune portal > Reports > Device compliance > View compliance status and reasons for non-compliance.
20. What to do if a device is not checking in with Intune?
Answer:
Check:
Internet connectivity
Device time sync
Enrollment status
Review logs in Event Viewer or Company Portal
21. How do you deploy apps via Intune?
Answer:
Upload or link the app in Intune > Configure install settings > Assign to user/device groups > Monitor deployment status.
22. What is a Line-of-Business (LOB) app?
Answer:
An internal company-developed app not published in public app stores. Intune can deploy LOB apps (e.g., MSI or APK files).
23. How to deploy a Win32 app using Intune?
Answer:
Package the app using the IntuneWinAppUtil tool
Upload to Intune
Configure install/uninstall commands
Assign to groups
24. How do you create a configuration profile?
Answer:
Intune > Devices > Configuration profiles > Create profile (choose platform and type) > Define settings > Assign to groups.
25. What are examples of configuration profile settings?
Answer:
BitLocker
Wi-Fi
VPN
Email settings
Password policies
26. How do you deploy Microsoft 365 apps?
Answer:
Use the Microsoft 365 Apps wizard in Intune to select Office apps and configure installation options.
27. What are PowerShell scripts in Intune used for?
Answer:
Used to run custom tasks on Windows devices (e.g., registry edits, software installs). Scripts can be deployed through Intune to specific groups.
28. How do you manage OS updates in Intune?
Answer:
Use Windows Update Rings to define update deployment schedules, deferral periods, and active hours.
29. What are app protection policies?
Answer:
Policies that enforce data protection at the app level, like preventing copy/paste, requiring PIN, and encrypting app data.
30. Difference between device-based and user-based policies?
Answer:
Device-based: Apply to any user of the device.
User-based: Follow the user across devices.
31. How do you enable BitLocker with Intune?
Answer:
Use a device configuration profile with Endpoint Protection settings > Configure BitLocker > Assign to devices.
32. How to enforce PIN/password policy?
Answer:
Create a compliance or configuration profile with password requirements > Assign to user/device groups.
33. How to secure corporate data on personal devices?
Answer:
Use MAM without enrollment, app protection policies, Conditional Access, and data loss prevention policies.
34. How do Conditional Access and compliance policies work together?
Answer:
Conditional Access uses compliance policies to decide access—if a device is non-compliant, access to resources is blocked.
35. What does Intune do with rooted/jailbroken devices?
Answer:
Intune marks them as non-compliant automatically via compliance policy, allowing Conditional Access to block resource access.
36. What is Microsoft Defender for Endpoint?
Answer:
An endpoint security platform integrated with Intune to enforce antivirus, EDR, and threat protection policies.
37. How are certificates managed in Intune?
Answer:
Via SCEP or PKCS certificate profiles, Intune can deploy certificates to devices for Wi-Fi, VPN, or app authentication.
38. How to configure Windows Hello for Business via Intune?
Answer:
Use a configuration profile under Identity protection to enforce biometric or PIN-based authentication.
39. How to generate compliance reports?
Answer:
Reports > Device compliance > Export results to view device status, compliance reasons, and policy assignment.
40. What logs are useful for troubleshooting Intune?
Answer:
Event Viewer (MDM diagnostics)
Intune Management Extension logs
Company Portal logs
Windows DeviceManagement-Enterprise-Diagnostics-Provider
41. What is the Troubleshooting blade?
Answer:
In the Intune portal, it shows a user's device enrollments, compliance, app installs, and policy status in one place.
42. How to check app deployment status?
Answer:
Go to Apps > Select the app > Monitor > Review install status per user or device.
43. What to do when a policy fails?
Answer:
Review error messages
Check assignment groups
Validate settings in profile
Look at device logs and sync status
44. How to integrate Intune with third-party apps?
Answer:
Use Microsoft Graph API, custom connectors, or built-in integration options (e.g., with TeamViewer or ServiceNow).
45. How to manage shared devices?
Answer:
Use shared device profiles and assign apps and settings accordingly. Android supports dedicated device mode for kiosks.
46. What are device categories?
Answer:
They help classify devices during enrollment and can be used for group assignment and policy targeting.
47. What is Microsoft Endpoint Manager (MEM)?
Answer:
It’s the unified console that includes Intune, Configuration Manager, and other tools for endpoint management.
48. What are filters in Intune?
Answer:
Filters refine targeting of apps/policies based on properties (e.g., OS version, manufacturer), adding granularity beyond groups.
49. How to configure kiosk mode devices?
Answer:
Create a device configuration profile using the Kiosk template, specify allowed apps, and assign to target devices.
50. Best practices for enterprise-scale Intune deployment?
Answer:
Use dynamic groups
Plan app and policy hierarchy
Test in pilot groups
Monitor regularly
Keep documentation
Implement Conditional Access
This is a comprehensive list of 50 commonly asked Microsoft Intune interview questions with answers, covering device management, app deployment, security, and troubleshooting. It's ideal for IT professionals preparing for Intune-related roles.