Exam Ref 70-696 Managing Enterprise Devices and Apps Orin Thomas PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2014 by Orin Thomas All rights reserved No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher Library of Congress Control Number: 2014951937 ISBN: 978-0-7356-9559-7 Printed and bound in the United States of America First Printing Microsoft Press books are available through booksellers and distributors worldwide If you need support related to this book, email Microsoft Press Book Support at mspinput@microsoft.com Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies All other marks are property of their respective owners The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred This book expresses the author’s views and opinions The information contained in this book is provided without any express, statutory, or implied warranties Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book Acquisitions Editor: Alison Hirsch Developmental Editor: Alison Hirsch Editorial Production: nSight, Inc Technical Reviewer: Randall Galloway; Technical Review services provided by Content Master, a member of CM Group, Ltd Copyeditor: Kerin Forsyth Indexer: Lucie Haskins Cover: Twist Creative • Seattle Contents at a glance Introduction CHAPTER Deploy and manage virtual applications CHAPTER Deploy and manage desktop and mobile applications CHAPTER Plan and implement software updates CHAPTER Manage compliance and endpoint protection settings CHAPTER Manage Configuration Manager clients CHAPTER Manage inventory using Configuration Manager CHAPTER Provision and manage mobile devices Index Contents Introduction Microsoft certifications Free ebooks from Microsoft Press Errata, updates, & book support We want to hear from you Stay in touch Chapter Deploy and manage virtual applications Objective 1.1: Prepare virtual applications Application virtualization concepts Sequencing an application Preparing the Sequencer environment App-V Connection Groups Objective summary Objective review Objective 1.2: Manage application virtualization environments App-V infrastructure App-V deployment models Deploying sequenced applications App-V Group Policy Objective summary Objective review Objective 1.3: Deploy and manage RemoteApp Application presentation strategies Preparing RemoteApp applications Publishing and configuring RemoteApps Managing connections to RemoteApp applications Group Policy settings Objective summary Objective review Answers Objective 1.1 Objective 1.2 Objective 1.3 Chapter Deploy and manage desktop and mobile applications Objective 2.1: Plan an application distribution strategy Application management by using Configuration Manager Applications and packages Application management features Application management server roles Software Center Application Catalog Software distribution to mobile devices Objective summary Objective review Objective 2.2: Deploy applications using Microsoft System Center 2012 Configuration Manager Creating applications Application deployment Detection methods Dependencies Global conditions Requirements User device affinity Deploy software wizard Simulated deployment Objective summary Objective review Objective 2.3: Deploy applications using Microsoft Intune Intune operating system support Deploy software to the company portal Deploy software for automatic installation Intune update policies Objective summary Objective review Objective 2.4: Plan for application upgrades Application supersedence Application revision history Retiring applications Uninstalling applications Objective summary Objective review Objective 2.5: Monitor applications Monitoring application deployment Asset Intelligence Software metering Objective summary Objective review Objective 2.6: Manage content distribution Content management Distribution points Network bandwidth considerations Content library Prerequisites for content management Distribution point monitoring Content distribution Prestaging content Objective summary Objective review Answers Objective 2.1 Objective 2.2 Objective 2.3 Objective 2.4 Objective 2.5 Objective 2.6 Chapter Plan and implement software updates Objective 3.1: Plan and deploy third-party updates System Center Updates Publisher SCUP options Managing updates Objective summary Objective review Objective 3.2: Deploy software updates by using Configuration Manager and WSUS Software updates in Configuration Manager Configuration Manager software update point Software update client settings Managing updates Monitoring and troubleshooting software updates Automatic deployment rules Objective summary Objective review Objective 3.3: Deploy software updates by using Microsoft Intune Microsoft Intune update policies Updating categories and classifications Approving updates Automatic approval rules Third-party updates Objective summary Objective review Answers Objective 3.1 Objective 3.2 Objective 3.3 Chapter Manage compliance and endpoint protection settings Objective 4.1: Build a configuration item Overview of compliance settings Configuration items Creating configuration items Create a child configuration item Configuration item settings Mobile device settings Remediation Objective summary Objective review Objective 4.2: Create and monitor a baseline Configuration baselines Creating configuration baselines Deploying configuration baselines Configuration packs Viewing compliance information Objective summary Objective review Objective 4.3: Configure Endpoint Protection System Center Endpoint Protection Implement Endpoint Protection Antimalware policies Windows Firewall policies Policy management Monitoring Endpoint Protection status Configuring alerts Objective summary Objective review Answers Objective 4.1 Objective 4.2 Objective 4.3 Chapter Manage Configuration Manager clients Objective 5.1: Deploy and manage the client agent The Configuration Manager client Client installation Extending the schema Site systems used in client deployment Client assignment Client settings Objective summary Objective review Objective 5.2: Manage collections Collections Collection rules Maintenance windows Power management Monitoring collections Objective summary Objective review Objective 5.3: Configure and monitor client status Verifying client installation Client status Client health evaluation and remediation query issues, 294 software updates, 148–153 Trusted Root Certification Authorities certificate store, 125 U Uninstall deployment action, 44 uninstalling applications, 86 UNIX operating systems Configuration Manager clients, 222, 228–229, 233–234 hardware inventory collection, 272 software inventory and, 276 Unknown compliance state, 88, 144 Unknown Computer object type, 295 update policies (Intune), 79–80, 158–161 update rollups, 161–162 updates (software) approving, 162–164 categories and classifications, 161–162 using Configuration Manager and WSUS, 135–157 using Microsoft Intune, 78–79, 158–169 objective summary and review, 170–173 third-party, 124–134, 167–168 Updates workspace (SCUP) about, 132 Optional Information section, 131 Package Information section, 130–131 Required Information section, 131 UpdatesDeployment.log file, 153 UpdatesHandler.log file, 152 UpdatesStore.log file, 152 upgrades (application) about, 82 application revision history, 84–85 application supersedence, 83–84 objective summary and review, 86–87, 118–119 retiring applications, 85–86 uninstalling applications, 86 User And Device Affinity group, 65 user device affinity (deploying applications), 45, 65–67 User Group Resource object type, 295 User Resource object type, 295 V validating content, 99–100, 110–111 Value condition type, 63 Value rule, 184–185 VDI (Virtual Desktop Infrastructure), 272 virtual applications, managing environment about, 12 App-V deployment models, 13–16 App-V Group Policy, 20–22 App-V infrastructure, 12–13 deploying sequenced applications, 16–20 objective summary and review, 22–23, 35–36 virtual applications, preparing about, App-V Connection Groups, 7–10 basic concepts, 2–3 objective summary and review, 11–12, 34–35 Sequencer environment, 3–7 Virtual Desktop Infrastructure (VDI), 272 VPN profiles, 334–335 W Wake On LAN (WOL), 70, 136, 147 WBEM (Web-Based Enterprise Management), 272, 295 WCM.log file, 152 Web Application deployment type, 57 Web-Based Enterprise Management (WBEM), 272, 295 Wi-Fi profiles, 337–338 Windows App Package, 56 Windows authentication, 226 Windows Firewall Configuration Manager clients, 230 Endpoint Protection, 199–200, 207–208 Windows Installer deployment type, 56 detection rule, 60 Windows Internet Naming Service (WINS), 236 Windows Management Instrumentation (WMI), 144, 272, 294 Windows Mobile Cabinet, 56 Windows operating systems configuration items, 177, 179–180, 182–183 Configuration Manager clients, 222 Endpoint Protection, 200 inventory collection, 270, 278 Windows Phone App Package, 56 Windows PowerShell, 277 Windows Server Update Services (WSUS) about, 123 automatic deployment rules, 153–156 Configuration Manager clients, 230 managing updates, 145–148 monitoring software updates, 148–153 objective summary and review, 156–157, 171–172 software update client settings, 141–144 software update points, 137–140 software updates in Configuration Manager, 136 troubleshooting software updates, 148–153 Windows Update agent, 143 WindowsUpdate.log file, 152 WINS (Windows Internet Naming Service), 236 WMI (Windows Management Instrumentation), 144, 272, 294 WMI Query Language (WQL), 294–295 WOL (Wake On LAN), 70, 136, 147 workgroup-based clients, 225 WQL (WMI Query Language), 294–295 WSUS (Windows Server Update Services) about, 123 automatic deployment rules, 153–156 Configuration Manager clients, 230 managing updates, 145–148 monitoring software updates, 148–153 objective summary and review, 156–157, 171–172 software update client settings, 141–144 software update points, 137–140 software updates in Configuration Manager, 136 troubleshooting software updates, 148–153 WSUS Synchronization Manager, 138–139 WSUSCtrl.log file, 152 WSUSUtil tool, 139–140 wsyncmgr.log file, 152 WUAHandler.log file, 152 X XAP file format, 56 XML file format, 56 About the author is an MVP, an MCT, and has a string of Microsoft MCSE and MCITP certifications He has written more than 30 books for Microsoft Press and is a contributing editor at Windows IT Pro magazine He has been working in IT since the early 1990s He regularly speaks at events such as TechEd in Australia and around the world on Windows Server, Windows Client, System Center, and security topics Orin founded and runs the Melbourne System Center, Security, and Infrastructure Group You can follow him on Twitter at http://twitter.com/orinthomas ORIN THOMAS Code Snippets Many titles include programming code or configuration examples To optimize the presentation of these elements, view the eBook in single-column, landscape mode and adjust the font size to the smallest setting In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link Click the link to view the print-fidelity code image To return to the previous page viewed, click the Back button on your device or app ... Exam Ref 70-696 Managing Enterprise Devices and Apps Orin Thomas PUBLISHED BY Microsoft Press A Division of Microsoft... books and learning resources for you To participate in a brief online survey, please visit: www.microsoft.com/learning/booksurvey/ Introduction The Microsoft 70-696 Managing Enterprise Devices and. .. every exam objective, but it does not cover every exam question Only the Microsoft exam team has access to the exam questions themselves, and Microsoft regularly adds new questions to the exam,