Prepare for Microsoft Exam 70-398—and help demonstrate your real-world mastery of planning and designing cloud and hybrid identities and supporting identity infrastructure for managing devices. Designed for experienced IT pros ready to advance their status, this Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the Microsoft Specialist level.
Focus on the skills measured on the exam:
• Design for cloud/hybrid identity
• Design for device access and protection
• Design for data access and protection
• Design for remote access
• Plan for apps
• Plan updates and recovery
This Microsoft Exam Ref:
• Organizes its coverage by skill measured on the exam
• Features Thought Experiments to help you assess your readiness for the exam
• Assumes you have experience with desktop and device administration, Windows networking technologies, Active Directory, and Microsoft Intune
About This Course
This course is intended to be a quick-paced introduction to the key concepts and components that make up the management of Windows 10 devices using Enterprise Mobility Suite (EMS) which includes Microsoft Azure AD Premium, Azure Rights Management Services (or RMS), and Microsoft Intune. The majority of your time will be spent working directly with the products inside a preconfigured lab environment. And, although we have provided overview information for each of the technologies and pointers to additional resources should you want to know more, we believe you will gain a better understanding of the workings of device management through seeing and doing… hands on.
You will work your way through the online labs to become familiar with:
Implementing Hybrid Identity
Managing an Active Directory Hybrid Environment
Preparing the Microsoft Intune Service for Device Enrollment
Data access and protection using Azure RMS
Each lab includes the following:
Procedures for the individual lab tasks for each exercise
Access to a Windows 10 and Windows Server 2012 R2 Domain Controller for performing “hands-on” lab exercises
Short “how-to” videos for viewing each and every task should you get stuck and need to see how it’s done, and get moving again
The point is… you can try the labs on your own, at your own pace, but we recommend you view the individual demo videos for those times when you might need a little bit of help, for example entering a command string, or navigating across the Azure and Intune UI. What’s probably not a bad idea is to do a quick scan of the demos to familiarize yourself with the lab content prior to working hands-on… it’s your call, whatever works for you.
To give you an idea of how these labs work let’s look at one of the first labs entitled Automatic Microsoft Intune Enrollment of Azure AD Joined Windows 10 Systems… in that lab you get started using a Windows 10 virtual machine to setup and enable Azure AD and Enterprise Mobility Suite and then do some client join activities to Azure AD. So, once you’ve completed the lab, you’ll be able to:
Create an Azure AD instance
Activate an Enterprise Mobility Suite trial
Configure automatic Microsoft Intune enrollment during Azure AD join
Configure device join options in Azure AD
Configure Microsoft Intune subscription as the Mobile Device Management Authority
Join a Windows 10 client computer to Azure AD
Verify that a Windows 10 client is managed by Microsoft Intune
This course is intended for IT professionals who administer and support Windows 7, 8.x, and 10 PCs, devices, users and associated network and security resources. The networks with which these professionals typically work are configured as a Windows Server domain-based environment with managed access to the Internet and cloud services. They are also skilled in working with iOS and Android devices.
This exam measures your ability to accomplish the technical tasks listed below. View video tutorials about the variety of question types on Microsoft exams.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
Design for cloud/hybrid identity (15–20%)
Plan for Azure Active Directory (AD) identities
Design Azure AD identities; Active Directory integration; Azure Multi-Factor Authentication; user self-service from the Azure Access Panel; Azure AD reporting; company branding; design Azure AD Premium features, such as Cloud App discovery, group-based application access, self-service group management, advanced security reporting, and password reset with write-back
Design for Active Directory synchronization with Azure AD Connect
Design single sign-on, Active Directory Integration scenarios, and Active Directory synchronization tools; plan for Azure AD Synchronization Services; design for Connect Health
Design for device access and protection (15–20%)
Plan for device enrollment
Design device inventory, mobile device management authority, device management prerequisites, and device enrollment profiles
Plan for the Company Portal
Customize the Company Portal and company terms and conditions; design configuration policies, compliance policies, conditional access policies, Exchange ActiveSync policies, and policy conflicts
Plan protection for data on devices
Design for protection of data in email and SharePoint when accessing them from mobile devices, design for protection of data of applications by using encryption, design for full and selective wipes
Design for data access and protection (15–20%)
Plan shared resources
Design for file and disk encryption and BitLocker encryption; design for the Network Unlock feature; configure BitLocker policies; design for the Encrypting File System (EFS) recovery agent; manage EFS and BitLocker certificates, including backup and restore
Plan advanced audit policies
Design for auditing using Group Policy and AuditPol.exe, create expression-based audit policies, design for removable device audit policies
Plan for file and folder access
Design for Windows Server Dynamic Access Control, Web Application Proxy, and Azure Rights Management service (RMS)
Design for remote access (15–20%)
Plan for remote connectivity
Design remote authentication, configure Remote Desktop settings, design VPN connections and authentication, enable VPN reconnect, configure broadband tethering
Plan for mobility options
Design for offline file policies, power policies, Windows to Go, sync options, and Wi-Fi direct
Plan for apps (15–20%)
Design RemoteApp and Desktop Connections settings, configure Group Policy Objects (GPOs) for signed packages, subscribe to the Azure RemoteApp and Desktop Connections feeds, export and import Azure RemoteApp configurations, support iOS and Android, configure Remote Desktop Web Access for Azure RemoteApp distribution
Plan app support and compatibility
Design for desktop app compatibility using Application Compatibility Toolkit (ACT), including shims and compatibility database; design desktop application co-existence using Hyper-V, Azure RemoteApp, and App-V; install and configure User Experience Virtualization (UE-V); plan for desktop apps using Microsoft Intune
Plan updates and recovery (15–20%)
Plan for system recovery
Design for the recovery drive, system restore, refresh or recycle, driver rollback, and restore points
Plan file recovery
Design for previous versions of files and folders, design File History, recover files from OneDrive
Plan device updates
Design update settings and Windows Update policies, manage update history, roll back updates, design for Windows Store apps updates