Cert Exam Prep: Exam 70-697: Configuring Windows Devices


All right welcome. >> Welcome. >> Now that we have your attention and everyone's up front we can get going. Welcome to BRK 3266. This is Cert Exam Prep 70-697 Configuring Windows Devices >> My name is Mirko Colemberg, I'm principal consultant from Switzerland and Microsoft trainer in MVP. And my name is Alfred Ojukwu. I'm from the New York, New Jersey region for Microsoft. I am also an MCT, like Mirko and working with services, Consulting Services. So if you were here about an hour ago, you probably were part of our 70-698 session, talking about some similar technology. And this is a 697 exam, with very similar technology but a different approach at managing exam. But first, before we dive into the content, a little bit about each of us. >> Yeah, so I'm based in Switzerland, I brew my beer by myself, and run a user group, by the way.

So, yeah, that's just me. All the time, fast running like Flash. >> [LAUGH] >> And again, I'm Microsoft Services. I do a lot of internal work in terms of preparation and really, now, just starting to branch outside of just Microsoft itself. Realizing a lot of people need these exams. And helping to sort of promote it. I run a blog that they post information about enterprise mobility, the device pros focusing on that as a technology. And just a little fun fact, grew up in Hawaii and love to run, enjoy social media and just it's kind of what I do. So really helping you guys get to enjoy us, get to know our personality. Understand what we are gonna cover today so that we run through the 75 minutes with a lot of fun. >> Hopefully. >> The session's objective again is to really just make sure that you are prepared to take the exam 70-697. Right across the hall, or to the left of us here, if you walk over, there is a practice lab where you can actually take to measure up exams and prepare yourself.

This session is really to provide you with a number, tips, study links, resources, anything you can use to prepare you for the exam. And we're gonna break it down as much as possible. We do have a number of slides. Some of the slides we'll go a little bit quicker through and others we'll just kinda focus on. The intention is that the slides, once you have them, will be there for you to prepare for the exam and you can go back and reference any slide you need and brush up on the things you don't know. Typically, these discussions are really about covering all the content but for you individually, you have to find what you're missing and focus on that. So this is just a layout of what we're gonna talk about, the overview where you'll hear us talk about it throughout the session. The exam experience, we'll talk about some of that as we're going through the content as well. And then we'll go right into the content.

And any resources, we'll show you at the end. >> So here are the main things, from the website from Microsoft Learning. They are focusing on management identity. Planning desktop, device deployment stuff. Network configuration. That's the old stuff like HCP functionality, how is DNS DCPIP working and stuff. So that's really the basics you can have that from older exams, like XP time. It's still the same, right? So there are other managing apps that's in your world with Windows Store for business apps and stuff, and side loading apps. And also updates and recovery with the new possibilities for Windows 10. >> So with this exam, you'll see not just three sections in the last past exam that you guys were, that some of you are attending. There were three sections. This one has nine different sections. With that one being the newer exam, rather than trying to break it up into nine different sections, they've shortened it up, putting the same content in those three different areas. But, we still cover a majority of the same information, with a little bit of a twist there. The beginning really focuses on identity.

And I love to do a comparison and contrast between 698 and 697. 697 really is focused on device management as well as identity and just things that just managing device as a whole. And you'll see, kind of why we say that. The first piece we start seeing is the Cloud. We've talked about this in the past. Managing Windows Store and Cloud Apps, the fact that you have that as part of your platform. And you have to know that you're gonna use a Microsoft account to be able to connect to it and make that connection. What do you typically see in this scenario? >> So there is also a new option for Windows Store for Business so I have podcast, the links there uploaded yesterday on YouTube, so all about Windows Store for Business you wanna know, is there a place.

But there are new scenarios also if some that you can prepare your bits from MSI or Excel file through an app that loaded up as a line of business application to the Store and deploy to your environment for your mobile device and Edge clients. So I can show you a little bit about that. Switched over. >> So again this is just the Windows Store. So what he's gonna do is show you sort of what he has. >> You can see here Windows Store is the normal, the regular one that you can So this is the regular one? Sorry for that. And you have here the company store. So you can just add here, a second account, your Live ID or Business account. You have upload. Your company use details to a tenant in Office 365, Intune or Azure Active Directory and then you can connect to Windows Store for Business right through here and you can see here the applications that your company is deploying for you.

Payable apps or line of business applications or also free apps from the store, right? >> The thing that we wanna emphasize here is that identity matters in this space. When you're dealing with this exam, they're looking for you to understand that there's additional accounts that are being used. As Mirko just mentioned, you see that it's not just that this company provision apps are available. It's a fact that now you have to have some additional account that has access to the private store and the business store. >> And also some part of this exam are Intune, we'll come a little bit later to that part so that you can also manage Policies for Windows Store for Business that the user only have the tile from your company and hide the others. Like the stuff that you can grab with your Live ID.

So and here is the website for Business Store. To manage, you just login or sign up with your tenant information from your Azure Active Directory. And then you can just show up here in manage your applications. It's pretty simple and pretty easy so if you want to go for more details, have a look on the podcast, so. >> But the podcast tells it all, right. >> Yeah, also from a developer perspective. If you invite a developer company that has built your line of business application to upload what's the process behind the scenes. What he has to do? What mail address you have to receive the mail with the special links and stuff, it's all in there. >> So really quick question of the audience. How many people here have taken the 70-697 exam? And yeah, don't be afraid to raise your hand, I won't.

Good, and how many people have taken an exam in the last three months? How about in the last three years? Okay, so you guys are mostly familiar. How many people have never taken an exam? Okay, so. >> I see some hands twice. >> Yeah. [LAUGH] The difference here is [LAUGH] remember that a lot of the components within the exam taking experience is change. You'll see things like hotspots, you'll see things like drag and drop. And just be, for those of you that haven't taken the exam, you need to make sure that you know how to actually click through options or even select the number of options to make up a storyline of what the command would be or what actions you would take on an actual exam. So that's one of the enhancements.

But for this component, we're talking about identity. You wanna show them just the Microsoft account with the local account and how that ties in. That might also show you a few things as well. >> Yeah, if you go to settings. I've never [INAUDIBLE] >> I love your question. I liked that you asked that question. And I almost like set you up there to ask that question. That was a good one. Now, seriously, the question was does Microsoft have a place that they can actually take time to practice exams that are very similar to what the exam That you're actually taking an exam. Here at ignite, if you walk over to my left. >> C103. >> Yeah, C103, they have the Measure Up exams. Again, they're not the exam questions but they have very similar type questions with answers. That will explain to you why one answer might be correct versus another and gives you a way to sort of think about why you chose a certain answer and how to logically answer it correctly.

When we take Microsoft exams you're really being tested on technology that exists today. They don't throw any fake technology at you. Every line item is something you could actually execute or use. Right, so the difference is, if you've studied it, if you've used it, if you're familiar with it, it makes it easier for you to be able to select which one of these four are correct. So yes, exam taking is about being able to eliminate the wrong answer. And the reason why we have these sessions so long is because we wanna make sure that you are thinking about all the things that could possibly be on the exam so you could eliminate them. The people that do well on the exams are able to eliminate the wrong answer and typically find the right one, right? And that's how. And sometimes, when people walk in and say, I've taken the exam, I walked through it. It's because, and they are good exam takers. They've never taken it.

The reason why is because they know all the wrong answers. And therefore, the right answer is the one that pops out at them. So hopefully, with this session, as we go through it. You start to sort of think about that, so that you can prepare for your exams. And you just basically walk in and know the right answers. I hope that answers your question. >> Yeah, I was concerned more about the format >> We have some example questions in the slides, so that gives you a little bit, a view of- >> [INAUDIBLE] So you're not wasting your time trying to navigate through the UI? You mean trying to navigate through the UI, you were asking about the format. Again, the best examples I can give you, based on anyone that is interested in preparing for the exam, is the Microsoft Virtual Labs. They have the walk-through of how you can actually do things. The best example is experience itself, right? And then there's the Measure Up if you have access to it through your company or here.

You'll still get the same experience. I don't know if the exact formats are available anywhere outside of in the exam room. And I know exactly what you're asking, so. Okay? >> Yeah. >> So let's keep going. I just wanna show you the identity, linking your domain account with your local account. >> So yeah I have here my info. So my device is not domain-joined, it's just the NDM. I mean Azure Active Directory joined. So you just add here your user account information and whole identity goes through Azure Active Directory with Windows 10 devices. >> So they will challenge you on understanding how you tie those accounts together. So make sure that you know that it is possible to tie more than one account or to add more than one account to it. Again, this goes into just joining a machine to an Active Directory domain or doing an Azure Active Directory domain join as well. So those options come up. And that kinda dives into some of the stuff that we have in this diagram. Now this is a very high level diagram that, detailed diagram that kinda talks about how the authentication's happening, what you need to think about when authentication's happening.

A couple things to think about, cloud domain-joined and domain-joined. So domain-joined is just your basic Azure, I said basic. The basic Active Directory join of a machine and then the cloud, domain join is what Azure Active Directory Join is. In the exam, if you see anything that relates to cloud domain join, it's Azure AD Join, right? And also know that in Windows 7, we had Workplace Join, which is a very similar experience of making sure you had access to company resources, Windows 7, Windows 8.1. With Windows 10, the term work accounts became the cool thing to use. So this exam was written probably a year ago, the term work accounts was the name of it. If saw what Miracle showed on the screen, it's now called work, I can't remember it, but it has a different name, I think, mention it again? >> Work >> Work and School, that's right.

>> Work and school. >> But it means the same thing. So kinda pay attention to what version of Windows 10 was available when the exam was written. Because this exam is about a year old, the term work accounts is what you're looking for. And those are the sort of things that you're going to try to answer. And again, this isn't a trick. This is just how it is, right? And with the Windows as a Service things certainly changed. We might see a change from Work and School to something else. But you'll have to based it on the time that you take the exam. >> So the workplace joins stay available right for bring-your-own device scenarios, so. Have a look on that too. And also for, if you're join a device to that Azure directory so you lose your CPO management.

There is a new staff with nothing to do with exam but have a look on Omar DM. It's a open mobile LI int device management. There is an organization, there's that a stand up for that, have a look on that if your not familiar with them now. Do it, it's really interesting stuff there. >> Okay, other sections they covered in this first portion is, authentication, authorization. Know the difference between what authentication and authorization is. Authentication is being able to, allow you in through some sort of multi-factor. Who you are, what you know or what you have. Those are the three form factors that you have to think about. MFA in Microsoft has the Azure Multi-factor authentication where it basically requires you to have some sort of form of authentication, whether it be a pin, a phone. It can be a text.

It can be an email. These are all ways that you can actually use it, so make sure you know about multi-factor authentication. Also be familiar with Virtual Smart Cards because again, it's the way of getting away from having a physical Smart Card. The Virtual Smart Card is built into the PC itself and requires a TPM, and works with Windows 8. You may get questions around Virtual Smart Cards so we've listed it out here, as another form of authentication. Any questions around authentication, this is where you wanna go. We show you a screen of the signing options. If you saw what where Mark was showing you on your machine, you have a number of signing options that show up that are tied to Windows Hello, Windows Passport. And all those authentication authorization components are part of what you'll be looking to understand. As you as you know what that UI looks like and you can select the right scenario for your organization or if the right scenario for the case study that you're taking, this portion will be a breeze as well.

We also saw Sync options show up. Sync options have the ability to control how you're syncing your settings among different systems that you own that are Windows 10. This isn't authentication but we wanted to make sure that you saw this as well. The big piece that changes in Windows 10 is Windows Passport and Windows Hello. So, you better believe you might that have questions around why Passport and Hello might be required. Quick question to the audience and you know just shout it out if you know it. If I don't have a camera that supports the feature where you have to look into the iris. Do I still have Windows Hello, Windows Passport? >> [INAUDIBLE] >> Absolutely. >> But Windows Hello is not only the iris, it's a face looking, the camera. So you have to have infrared camera and stuff. It looks on your face and then points, and points on your face, that makes you unique. So they tested also with twins and it was working all the time. So, Windows Hello it's really a great feature. You can also prepare them with GPOs, have a look on GPOs about that or ORDM okay and really go forward and have a look on Passport and there are some questions in the test for that.

>> Yep, and the key around the Passport and Hello is that it's the front end to the backwards that the technology in the back end. And they really just want to make sure that you know that Passport and Hello's in the back end. So we've also posted in here some of the supported scenarios in which you'd use Windows Hello and Passport. For example, signing into the Windows store, phone sign in, having an application or web-based authentication that's required, or even Single Sign-On. Sp these are all the reasons why Windows Hello and Passport might be relevant when you're taking the exam. In a case study, you might be asked a question about an organization that's interested in taking advantage of Single Sign-On or conditional access. And the questions might have something dealing with a number of other technologies.

Look for Windows Hello, look for Windows Passport. Because that may be the answer to the question that you're looking for. In the real life scenario, that also might be the answer, but- >> Yeah, of course, yeah. >> You still have to implement it. >> Mm-hm. The other piece as well, in this section, is about sideloading apps. We have a list of ways you can actually sideload apps. These are PowerShell commands. Know your PowerShell commands. Again, this is a theme we've seen in the last few years around exams. PowerShell, the way they test you, making sure that you understand how to write the syntax and use it in a scenario that might deploy a solution like an application that's been built by the business. >> Can you go back one? So, did that PowerShell commodity, the AppxPackage that You are may be familiar with Wan gap. That's the old one it's just translated it's the new one to install apps so you can also note you can also use it with chocolate if you're familiar with them. Or other new gap and stuff to install applications the old way or the new way with the apps or the applications. Do you know the difference between apps and applications? >> No what is the difference between apps and applications? >> Apps come from store they are the new universal Windows apps now and the applications are still the old bit, like MSI or XE so that's different in the name.

So sideloading apps with App package, you can just download the APPX package, so some applications are also are apps available in the store for offline using, and then you can do the old way, or you can also add repository, like chocolate repository. It's a non secure repository, you can rebuild your own secure repository and stuff, and just install the app with PowerShell command. So that's really new stuff. So sideloading apps in Windows 10 1607. There are also at VH integrated but that's not part of that. So maybe that questions are coming later. And also for UEV. UEV if you want to talk also a little bit later about that. >> We also mentioned just the workplace join options. Just making sure you know what those are. This is for the older technologies. Again, just to add difference between the main join versus workplace join. These really applies more to Window's 8 but you still will be tested against this. Specifically when we talk about the older model of the Windows 10 mobile devices.

We had this before around the virtual smart cards. We wanted to put it in here knowing how to create a virtual smart card, the fact that you have to have a virtual TPM in place to get that virtual smart card to work. And understanding how to use it in a command line. We listed it out here as well. >> I have an additional info. You didn't need a physical TPM chip if you have a UEFI device. There is a TPM chip- >> Built into it. >> You can utilize, right. >> Yep. >> So. >> That's real life answers. >> Yeah. >> [LAUGH] >> Okay question. Our first question. You're trying to use the Add-AppxProvisionedPackage PowerShell command. The main app is saved in C:AppX. What command should be used to provision the package? Again this is an example of what type of question you're gonna ask covering what the gentleman mentioned.

C. Sorry. A. >> You know, there it is. I'm not gonna read the whole thing. B. Add provision package path Appx. C. Add provision package online folder item path Appx. And D. How many people think it's A? B? Appx, okay. And how many people think it's C? Okay, and D? How many people think it's D? >> So, wait before we get the answer, I give you an example. Can we switch please? >> Okay. >> So, go to PowerShell. If the command we have get help at appexpersioning package examples and here you go then. >> So the moral of the story is use PowerShell >> [LAUGH] >> [LAUGH] Look at your answers. So if you look at this, the answer is D, as you can see. Again, there's nothing complicated. What they try to do is they ask you the question in the context of how you would actually use it. So you're looking for something that has the same, build and saying build in terms of a command line if you would see.

This example shows you being able to add a pack because it's offline specifying the pack path in which the application is located as well as the license path. In which that's associated with the application that you're actually publishing, as well. >> Mm-hm. >> So you need both of those to be able to publish a package. And that's why we have this one as the answer that you're looking for. >> Yeah. If you go to the Windows Store for Business,or Windows Store, and download an app that is offline available. Just have a look there is an Appx bundle in it and there are all the files threading, licensing, licensing xml file and stuff so you have the whole thing to load, side loading to your Windows 10 device, so. >> Finding desktop and device manage deployment also become important because we focus on the user data. We also focus on Hyper-V and then configuring mobile options which miracle will show you a little bit later.

And then securing the mobile devices. What security on the mobile devices. Now again this is just a section header so it tells you the details of what we'll cover. Many of you may have seen this before this is just USMT. It's still relevant in this exam. You still have to know USMT You have to know what Scanstate is. You have to know what Loadstate is. And how you actually take a file from an existing systems stored in location. Use those state to copy back once in, once the machine is identified or targeted as the target location. And allow it to basically use the XML to read back and put the data back. So, the SMT process is still there. And once those settings are there, the user has to log off and log back on for the settings to take place. >> So the User State Migration Tool, someone of you are familiar with them or not. >> How many of you who are using USMT? A couple of you guys. Well wait, a lot of you guys. >> Yeah. >> And then you know where is the place to get the app like the scanstate and the Loadstate.

It's in the ADK. And assignment and deployment. >> Assessment. >> Assessment and deployment kit. >> They're changing the name all the time. >> Yeah. >> [LAUGH] >> And there is also for every Windows 10 version a new ADK version available. So you get all of the time the newest were empty bits. Just use them and you can manage the profiles from older Windows 10 or Windows 7 versions to the newest version. >> Again, this is an example of us giving you a reminder. If you don't know scanstate, loadstate, here are the commands. Just run it a couple times, get used to what it's actually doing. Know the difference between migdocs mig apps and mig users. Mig apps captures application settings, mig user captures the profile, the user profile settings that are on the machine and mig docs captures documents in the documents folder.

All of them can be, you can use some of them in conjunction but they're all available for load state to put the data back to that system. The other thing you want to know about is Hyper-V, the Windows 10 client Hyper-V and how to enable that feature. They might ask you questions on what you need to do to enable Hyper-V and this kind of shows you the process. The gentleman asked earlier about being able to kind of click through and see, this is an example where they would actually It'll ask you to go to start and go to program and features. Click on turn Windows features on and then select Hyper-V and then reboot the box. If you don't select all four of those options, you get the whole question wrong. So the, I know that sounds sad? >> There are more easier ways, by the way. >> [LAUGH] >> Use DISM with add package and stuff and PowerShell. It's much more easier, but that's the way to go in Excel. [LAUGH] >> Also, nested VM's are something that's pretty cool, it's available in Windows 10, the latest version of Windows 10.

I'm sure the next question for some of you, are what are nested VM's? And nested VM's, if you haven't heard of them yet, are running a VM in a Hyper-V VM and a VM, these are good for, if you want to, if you are a hoster and you're trying to help somebody have labs in a hosted environment. It's kind of a, you know– >> Also to prepare a class, I just have to build one VM with different VM's in it and just copy the only one VM to every computer. Just run it and all the labs are inside. So it's pretty cool. >> And we run of lot of Windows 10 Mobile Emulator Labs and before because the hardware is built on like VM ware, we couldn't actually emulate the VM. Now with nested VM's we just have the Hyper-V server available, or no sorry the Windows Server available in a virtual machine. And we can launch the Hyper V console and have the Windows 10 mobile running in the remote desktop sessions. So it's a really good feature, nested VM's, look it up.

You might, I dunno if it's in the current exam if they do some iterations they might add some exam questions to that. >> So in the Hyper-V, so the virtual switches. So you know the virtual switches like the physical network about the virtual network into virtual switch. There is some different kind of virtual switchers or yeah virtual switches available. One is private. One is internal and one is also an external. Have a look on that. What's the different between them? What's the Private? The Private is just for VM's. They are have a close network switch. They can't communicate through the host, through the local host or through the external network about the internal can And talk about the virtual machines and the host and the external goes through to the external adapter like WiFi adapter or ethernet adapter and give you internet connect or something.

>> Do you have a play button? Is that a play, can I actually play it? Let me check. >> Play. >> And now, I am curious. It doesn't play. >> [LAUGH] >> It doesn't play. I got all excited like, yes. >> [LAUGH] >> All right, so, Enterprise Data Protection is another component that actually we talk about in this exam. Anybody know the new name for Enterprise Data Protection? Anybody? Windows Information Protection. So, WIP. I think I'm saying it right, WIP. >> Yeah, yeah. >> So, EDP is now WIP. But for the exam, you still need to know Enterprise Data Protection and what it is. We've listed out what it is. Basically, the ability to protect data as you're switching between personal container, work container, and being able to protect that information. We see that on the Windows 10 Mobile platform now and it was also sort of developed for the Windows 10 desktop itself. So, know the benefits, know the prerequisites, any enterprise scenarios you might run into using EDP as a platform.

But keep in mind, for the exam, it is EDP. But in real life, right? Real life. >> No, no, no. >> In the new version. >> In new version, you'll have Windows Information Protection. And it essentially has a lot of the same bells and whistles with a lot of upgrades, a lot more granularity fit into it. Now, this is more around disc management and data management, so you also see file and disk encryption. And so, we bring this up because we want you to start thinking about what options am I gonna select. If they're asking me about having to protect data or files on a system, do I use BitLocker, do I use encryption, do I used EDP, and knowing the difference. Following this encryption of EFS itself is a way of providing some sort of cryptographic protection on an individual file or a specific file that you have running and you can set it to a whole set of files or hosts on a machine. If you can see with Workplace joined when you're actually Workplace joined in a system and you have access to the file server, that file server turns green because of the EFS that's built into it. And therefore, it's encrypted.

So, that may be a way to protect the files, but maybe not the whole operating system, just those files at that specific location. It does require certificates and you can use a recovery agent if you have any issues getting those files back. Also, know that BitLocker is available as well. It has a number of new features that are built into it. And that's the portion of it that this is a disk encryption component. So, we put them both on here to think about when would I use file encryption? When would I use disk encryption? And what's the technology that's built into it. So, to manage also the bit locker, you can manage that through GPO's so that's pretty simple. Also, make sure, what about security key, or recovery key for the user, that it can store that in Or in the active directory environment. >> Okay, I'm going to skip that because there's nothing to show.

I wanted to make sure BitLocker-Network Unlock is another feature. No BitLocker network can unlock the ability, basically provides you the ability to unlock your OS volume during a system reboot when you're connected to a specific corporate network. So, that's a feature that they start asking you about. Understand that you have a specific hardware requirements tied to that. For example, UEFI, DHCP settings configured correctly. All those are part of being able to unlock your bit locker from that system itself. >> Here are some side notes. >> I like the side notes. >> If you use UEFI Who of you uses UEFI now? >> I hope everybody. >> Great. >> Who still uses Bios? [LAUGH] >> God.

>> There you go. >> Okay, who are all using UFI secular boot? >> No seriously, who using, who's on Windows98? I really want to, anybody have Windows 98? >> [INAUDIBLE] >> [LAUGH] >> The legacy app. [LAUGH] >> Yeah, [INAUDIBLE] >> Wow, that's close enough, too. [LAUGH] >> It's the same age as it, right? So yeah, you have to prepare your DHCP settings and stuff. And also, prepare your WDS, Windows Deployment Service for UFE with BitLocker. So, the problem is I have reverse scenario. If you have to press a key to get in the pin the put up the system, you have to press the key that I'm not sure if it was F9. You have to press it physically. So, you can't use any preview or out of bad management and stuff. It's not working, so be careful with that settings if you have a huge environment and you have to go to every computer to press F9 just to get OS deployment or wake it up in the night to make software deployment overnight or whatever. >> Okay, and we also mentioned the EFS recovery agent.

Basically, a user who has ability to unlock an encrypted file. For example, somebody leaves an organization and they have some sort of files that are encrypted. You can have a user recovery agent that allows you to go in and unlock those encrypted files. So, recovery agents still matter. Again, we're showing you this because this may be a number of those options that you need to eliminate. Or it might be the answer to one of those questions that you're looking for. Knowing what it does is more important in this exam and knowing how to either eliminate it or select it is also important. So, this is what EFS Recovery Agent is and that's how it works. It's still requires Enterprise CA I'm sorry it doesn't require it. If Enterprise CA is not available, it'll generate its own certificate to users and make that available to them for that account itself.

Okay, question 2, planning for desktop deployment. You have been asked to set up an automated hands-free installation of Windows 10 and are advised that a provisioning tool should be used to support ZTI. Which tool would be the most helpful for this test? Ironically, we haven't talked about provisioning tools but we're still gonna ask you guys the question. Okay. >> Do you familiar with Zed TI? >> Zero Touch Installation. >> Zero Touch Installation. Thank you. >> We call it ZTI here. >> ZTI, okay. >> Zed TI is what you. Yeah. [LAUGH] >> You know I'm from overseas. [LAUGH] >> I know. I'm just kidding. I'm kidding. >> So, what tool you have to use? So, you can use A, Windows Assessment Console from the Windows Assessment Toolkit.

>> Anybody who thinks it's A? Okay. >> Okay. Windows System Image Manager. >> Who thinks it's WSIM? Okay. >> Okay, deployment Image Servicing and Management, DISM, C. >> DISM, anybody? So, you guys know your tools? >> [LAUGH] >> All right. >> D, Windows Deployment Services. WDS? >> [LAUGH] You're good, I got you. >> Maybe- >> [CROSSTALK] >> How many people think it's E? >> [CROSSTALK] >> Great job, make it simple. >> Yeah. >> I knew what you were thinking, I was on the same page too. >> [INAUDIBLE] >> [LAUGH] Good come back. [LAUGH] >> So, the main point in this question is, zero touch and hands free installation of Windows 10. So, that's only possible with config manager.

>> Exactly. >> Comes out of the box. So, you can do it also with MDT or DISM but you have to do a lot of work mode so. >> So, and that's actually a good point that Miracle makes >> You might see an exam question that has multiple correct answers, they want the one that's more correct. I see lots of people sometimes on different forums arguing, this is right and that's right. Well, both answers might be right, but look at the scenario again and find out which one's more correct. Or eliminate something about that question that doesn't make sense, okay? >> More correct means, what's out of the box, more correct, right? >> Yes, yes, not more correct as I would actually implement in the cloud. Okay, the next section actually goes into Intune. We talk about supporting mobile devices. >> He has a question. >> Question, sorry.

>> [INAUDIBLE] >> Mm-hm. >> [INAUDIBLE]. >> So, you said they took the security exam, and they asked the question around the perfect right answer that's not there versus the one that it isn't. I don't. >> [INAUDIBLE]. >> So do I have to choose the best answer, what's available? That's the question and I would say yes because let's say, it all depends on the scenario, right? You have to look at the scenario they present you and the way I see it typically is they're gonna present a scenario the customer has, you can go back and reference it. And out of those scenarios you have to pick the one that is the most correct. I don't recall seeing a question where well tell me which one is incorrect. I think that's kinda what you're asking, right? >> [INAUDIBLE] >> I see what you're saying.

The perfect answer's not there. >> [INAUDIBLE] [INAUDIBLE] >> That's actually a good point. So you're saying they picked the best answer. But it was only the best answer. So it's something that might not be there. And that really comes from us as a community, having real world experience. For example, you might have a number of options that, typically, we use SCCM to do. But the only option you have is WDS. Well, WDS is the answer. You don't have a choice, right? So by elimination you're gonna select WDS. So yes, you do have those sort of scenarios. And what that means, as Miriko mentioned, you have to take your real world hat off and look at the exam and what they're testing you for. >> It's like what's the description on TechNet articles. What's their scenarios, right? >> Yeah, it's the basic scenario because they're really just testing you on how do you understand the basic technology.

>> The part that threw me is the scenario that they gave couldn't actually happen. >> [LAUGH] He said that the part that threw him is that the scenario they gave, I have to do it for the recording, it couldn't actually happen. And I've seen that a number of times. But because TechNet said so, [LAUGH] it technically would be the answer. I think we're seeing less and less of that. I keep pushing them to start up, I mentioned this a couple times ago, it's called certification as a service. So that if things change, they just update the exam. And they're starting to do a little bit about that, a little bit of that, but not enough as much as you said where people can actually say, well this question sucks, get rid of it. [LAUGH] But we were seeing more of that coming.

But let's keep going. This section covers Intune and we'll have some demos for you. But it also covers other things like some of the other components, and I'll show you some of that now. So Work Folders, we mentioned that before. Work Folders still matter in this space, where you can set up a Work Folder for your organization. We gave a path of where those Work Folders, where you could actually configure it through the group policy because it's a setting that you can still control. And it requires Windows Server 2012. So we kind of gave you the requirements for setting up Work Folders. It hasn't gone away. It still works on Windows 8 and Windows 10, and Windows 7 also. And it's available for you so that you can have a device that's not joined to the organization but still have access to Work Folders on that system. And this is, you may not asked about setting up the infrastructure. But this is more of a diagram that talks about what a process looks like.

They may ask you questions around how to logically do something. So this is an example of one client resolves the work folder. It goes to DNS server and looks for a sync server. The client sends a discovery request to that server. It retrieves this information from the user property. The client receives it and stores it in a Sync location for future sync sessions and then it's pointed to the designated server. An example is sometimes they ask you information and they put it in different orders. And your job is to select them from the left side and put them on the right side and put them in the exact order. If you don't get all of that right, you do not get partial credit. You get no credit. So again, important to understand what the steps are. It gets even more difficult in developer exams. [LAUGH] Now, I've taken like 36 plus exams with MCPs and the developer ones definitely have that sort of, you better get it right or else.

And we're starting to see that now in some of the MCSA exams. Typically this one and some others. Okay, so coming up we are going to jump over- >> We have also a lot of question to manage devices with Intune, H-glass, or reg agent. So here, the scenario you get familiar with that in CA and Azure Active Directory soon can stop. Just go and create your Windows Microsoft Intune try, you will get a 30 day trial version and just play with them. I will show you a little bit about that. >> You wanna go? >> Yep, if you have your trial version, you get information, like a dashboard. You have groups to manage, users and computers to use as comes from the side from the Azure Active Directory. You can also play with your mobile devices that are trying in Azure Active Directory. They are enrolled as a device in Azure Active Directory.

Then you can see all the devices here. So that's from our company life data. So you can see there are mobile persons will own, what the means, corporate owns devices. You have the version, what you can see. Have a look on what all informations are available here. Then the next step is to create policy files. So configuration policies, then you add here. You have some different configuration policies for Android, iOS, Mac OSX, Windows that are the most important for the exam here. So like edition upgrade and stuff. Or you can also manage clients or policies, VTN, Wi-Fi information, or the OMA DM settings. >> Go into one of those settings. So I want to just show you really quickly. >> I will show you the best, the funniest thing to exclude from your Windows Store for Business, the life account section that the user only have business account section. So that's a OMA DM setting, just edit them. And here are- >> Example >> Added, so.

Now we can see it here. There are the OMA-URI. It's a point user vendor MSFT policy config application management required private if the value is one. So if we deploy that policy to the devices, they just wanna show up. The store for business and the other private stuff just go on. That's just an example to the example before. So go ahead and play with them. Also compliance settings, here you have iOS, Windows, or whatever. And the main questions in the exam is most of the time, Windows 10, or Windows 10 mobile. So then you can also with admins actions, you have settings like for conditional access for your SharePoint or Exchange Online. You have service administrators like tool based, you have team viewing integration, that's new. >> That seems to be a fairly new.

I don't know, I'll be surprised if it's in the exam, so. >> Yeah. >> Not that I know of. >> [LAUGH] Then you have also Device Enroll and that's just so everybody can enroll his phone to get access to the mail and stuff. >> You have here the multi-factor authentication that you can implement. You have certification connector stuff. You have the reports, there are also some questions about the reports. What information you can get or what report you have to open to get information like blah, blah, blah. You have also the application management, so for mobile devices, H and less, you can manage them through the MDM channel. So we can also implement the Windows Store for Business to Intune. There are no questions about that at the moment. That's really new. Or Apple volume purchasing applications, that's also new here. And you can manage your normal apps, like if you have an H and a Intune H installed on your clients, then you can upload here exe files or msi files with the parameters for unattended installation.

And just load that information of the application up to Intune and deploy them to a group, to a device group for user group. And you have to the possibility to make that application available or required, so oop. So here is a little bit about that. >> It takes a second, but once it comes up it's basically your location and where you can actually specify application. Yeah. It's in German so. >> It's in German, sorry. So but you can create Windows installer H CRM. >> I can read this, that's not German. Software installation program. >> Software installation program, yeah. >> Is that- >> That's Swiss German, so we have half English, half German, no. >> [LAUGH] >> [LAUGH] >> [LAUGH] >> But we have the better chocolate, so. >> [LAUGH] >> And the nice watches, right? So here you can also add some external links or iOS applications.

External links means links from Google Play Store or iOS 6 store, or from Windows store. And here the MSI can also add APP applications and deliver it that way without the PowerShell commands. So it's pretty simple, or you can also use MDM MSI, it's the last one, Windows installer. So H less MSI installation but that has limitations so if the MSI runs other programs outside or you have an open end bin folder or update folder. That's not possible to run through the MDM channel. So go ahead, play with them, you have a 30 day trial already. Use it, so you can do it again and again. Excellent, so and again, there's a lot you can pick up just from the console itself. This section covers device enrollment, what do I need to do to enroll a device? And the device management prerequisites, like you said, compliance, the company portal settings, all the different settings that you'd actually see. They're right there in the console.

The quickest way to get this set up is you go to aka.ms/ems-trial, and it will allow you to get a license. It'll allow you everything from Intune, to Office 365, to Azure for a 30-day trial with whatever domain you want. And at that point you get the same thing he has. You get to test it out with a account. You don't even need your personal domain, you can have a Microsoft-hosted domain as well. And that's really what they're testing you about. The other piece they test you on is planning for the company portal app. In other words, making sure you have the ability to deploy the company portal app on any device. Again, the company portal app is only available on Android, iOS, or Windows devices. And it also provides you the ability to see applications that are published by your organization for you to download. There are different ways to publish applications. Some of them are required and it gets pushed to the device, and others are available and made available for you to find any application library on the company portal.

You can also customize the company portal with different looks, with support information, all of that's possible. So they may test you on that, make sure that you know that it's available on all of those platforms. And they probably don't care what it looks like, I gave you what it looks like. That's what it is, download the company portal and move forward. >> It's free in every store. >> Yep. Well yeah, it is free. Types of Policies, I think you mentioned this, you talked about it a little bit. Compliance versus configuration policies. Again, compliance policies are things that check to see that you are in compliance with your organization. Whether you have a device that's jailbroken, it will detect that it's jailbroken and force you to, it'll basically make it out of compliance, therefore you don't have access to the resources. Configuration policies are things that set up your system and actually control what it looks like so that you have the setting which compliance controls the ever-changing nature of the system. As you mentioned, conditional access is really to control who has access to resources.

For example, Exchange and SharePoint and Skype for Business. And I believe the Dynamic CRM is also in there. All it's doing is saying, the device has to be registered to your Azure Active Directory. You have to have it enrolled in Intune as an MDM solution. And thirdly, you have to be in compliance with whatever rule your administrator sets. So those three things are typically what drive conditional access. A lot of people get confused around conditional access, so if you do get a question around that, those are the first three things you wanna think about. Compliance, Intune, and Azure AD, Join. >> There is one more side note. >> There's always a side note. >> There is coming, a lot of new stuff with that portals. Microsoft announced that this week, that it moves that portal, it's still Silver-light based on Internet Explorer, and they move it to the new Azure portal with the flipping to the- >> How many people seen the new portal? [LAUGH] >> To the right side. >> You can raise your hand, it's okay. >> Azure Active Directory portals. >> I won't say anything.

[LAUGH] It's pretty cool, so what it is, and just to echo what said, what you saw was the existing into console. What you knew about Intune two or three years ago is not what it is now. I'm just making it clear for everybody, that every year, every two years, it's changing. So now what's happening is they're integrating it into Azure, and again I don't know if this is gonna be on the exam. But that new portal's gonna be in Azure, and it's gonna have the same bells and whistles that you see in the Azure console. So you can actually control and manage applications as well as applications without enrolling them into Intune. >> Yeah so we can see here, I have it integrated. Where's the Intune? >> Just do a search? >> Do a search? Do a search.

So here are the Intune. So you can see here the Mobile Application Management stack is implemented in the new portal, so the rest is coming. And also there are some new stuff available for Android devices to manage. So root the devices or something, it's still a pain at the moment to manage them, but it's from real world. iOS and Windows are really great to manage. So you can see here some policies for conditional access stuff. >> So conditional access will also be available for both applications that are managed within Intune, as well as applications that aren't enrolled in Intune devices. So that's something that we'll see. Again, we're kinda giving you a little bit of the best of both which is, here's what's on the exam, here's what's coming. And then as he's shown here, the number of target apps that have basically been made, they have been app-wrapped so that they are aware of the configurations for a man without enrollment.

You can basically put policies on this. What happens is, if a user downloads Outlook, or Word, or Excel to their device and they try to log on with your company ID, it will pull down a set of policies that says what he or she can do on that specific device. So basically, I am limiting them to be able to copy data out of Word into any other location. I can only look at that information, or I can't save it, depending on what policies you set, or the disk has to be encrypted or there has to be a pin. All these policies are decisions that are made with your IT, and you no longer have to just basically enroll into Intune. So good information to know. I don't know if it's in the exam, but if it is, there you go. >> A little piece of them, so yeah. >> Yeah, so and new apps are showing up everyday. >> Mm-hm. >> So let's keep going for time's sake. So we covered the client using Intune policies. [CROSSTALK] So nothing, yeah, we talked about application deployment, application deployment continued.

And then here's a question, now this is a hot spot example. Now this is where you actually have to select the right way to do this, and hopefully you guys have been paying attention. Walk through the process of creating a policy to be deployed to all managed Windows mobile devices in contoso.com. So I'll just walk through it. I mean, I'm not gonna be like, what do you do, right? Here's the main interface. I'm gonna go to policies, right? I'm gonna click on create a new policy. Then I'm gonna go down and select Windows Custom Policy Windows 10. I need to click Create Policy, and that's it. [LAUGH] That's all. Simple process, right? But knowing that in itself makes your life easier, because you basically read, I'm setting a generic policy to a Windows 10 device. Now you can see there are a number of other options available. But the one that made the most sense was the Windows Custom Policy.

Because that's the one that basically, generally gives you what you are looking for. If you went with the Windows phone, it would only apply to Windows phone devices and not desktop devices. >> Why wouldn't it be the- >> Windows 10 Mobile. >> [INAUDIBLE] >> With a configuration policy, it's like a template. But if you create your custom policy, you can do anything you'd like. >> Yeah, so the configuration, so the question is, why isn't it the one right above Windows Configuration Policy? When you pull up the Windows Configuration Policy, it allows you to build your own OMA-GURI commands, OMA-GM commands, in there. So that's, it's even more customizable than you'd really need. This one gives you a generic list of custom policies that you can actually select.

And in the back of that, where you and I don't see, it's doing all the configuration for you. So, good question though. Okay, the next section is configuring network IP settings, network settings, and maintaining network security. Now we've talked about this before, some of this if you already know, you're very strong on it, it's a breeze. But they still question you on it. So things like knowing the Well-Known Ports, we've listed a number of them out there, FTP is 21, DNS is 53. Know your ports, know how they fit into the framework of the network itself. Know where they sit in the layers. Now, they might not ask you about all of that, but just knowing 80 and 443 and 53, all of those might help you in terms of determining what type of traffic you need to block in a firewall or open up in a firewall.

>> [INAUDIBLE] >> What is it? >> 21. >> 21. >> [INAUDIBLE] I took it the other day, [INAUDIBLE]. >> Yeah, NDA. [LAUGH] Just in case, he was on the practice, no. [LAUGH] And so we listed out the terminology as well. Know the terminology, automatic private IP addressing, APIPA address, default gateway, DHCP. We've shortened them, they don't expect you to know what the acronyms stand for, but you also know when you need one versus the other. Because they might ask you questions around, change the DHCP scope or change the APIPA Address. If you don't know the difference, then it makes the question a little bit tougher. >> Yeah, and PowerShell. You have to know for every command in command-line prompt, the PowerShell cmdlet.

So there are some question, what you can do now with PowerShell like the old cmdlet use or something. >> Easy, is new SMP mapping command line. So do a refresh about that so PowerShell is coming more and more also to get question for Windows 10. >> Do they allow the PowerShell aliases? >> No. [LAUGH] >> The question was, do they allow the PowerShell aliases. And I would guess not [LAUGH]. >> Just a calculator. >> [LAUGH] >> If you can do it on the calculator, then, hats off. >> [LAUGH] Yeah. >> Well, in PowerShell, you can actually use the word ping but it's an alias. >> Yes. >> Yes, no but, they're really just looking to know that the PowerShell Command. So, good question, though. Okay. So, also in the new app, the manage Wi-fi settings, you have configuring network settings was, just make sure that you know that you can actually control those Wi-fi settings.

I've given you sort of a steps to managing a preferred network for example, they might ask you something like this and you have to be able to walk through. One thing that I wanna mention is opening the Settings app, looking for things that are talking about what you would do in the new Windows 10. If you see something that says open the Control Panel and you see one that says open Settings app, I'm gonna select open Settings app. Again this is not always just about knowing the technology, it's about knowing how they're testing you. >> And that's what the session is all about right? Giving you sort of insights as how you get the right answer. At the bottom page, beneath Manage Known Networks that network you wanna manage, click Share to forget the network. So, these are options that you can select, just to give in a high level.

The next one is also about Windows Firewall Advanced Settings, know what those are. Different types of networks. Talk about domain versus private versus public networks. And which one is set in what scenario. If you typically, if you're talking about an organization, they typically like to make the public profiles, protect the public profiles, but they usually do all the configuration on the domain profiles. And we reach another question. Your company uses programs named "My Application" in the C:/MyApp directory. You need to open the Windows Firewall with Advanced Security to allow MyApp.exe to communicate on the network. You want to use netsh to accomplish this task. Drag the answer on the left to the spot on the right. Some answers may be used more than once, some may not be used at all. So what this is, is a, we've listed out on the left, the possible options that you can select. And you'll really wanna drag them and put them in the right place. So, anyone wanna take a guess at netsh, what goes there right next to firewall? Advanced firewall. Yep I heard advanced.

An add rule name, my application, the directory in the action. I want it to do what? Allow the program C:\MyApp.exe to do what? Enable, right? So, again, some of it is logic, but once you get the gist of what they're asking, you can basically put that sentence together, and ignore everything else. Configure might not be one, and firewalls is not one, because it's not the same as advanced firewalls. So, just little tips of knowing how to put these commands together, really help you to do well on the exam. This time a site note to the exam. >> [LAUGH] >> So there are also some common PowerShell commands that you have to drag and drop in the right direction in the exam. That's like another style of multiple choice. >> Options. >> Options, yeah. >> What's the PowerShell version? >> The PowerShell version. No, we'll save that for another session.

He said what's the PowerShell version. Okay, so supporting data storage. Hey, what is it, you sit back there. >> [LAUGH] >> Supporting data security and supporting data storage. This is another section. So we talk about DFS and DFS-R. Know the difference between DFS-R and DFS-N, namespaces. Replication is about the data replication and namespaces is having and actual URL that you can actually go to and access the information. One has actual data in it that's moved from one location to another. The other one is just a URL that's shared across a network. A lot of organizations use this so we ask that you are familiar with it and understanding where RDC or Remote Differential Compression helps out in the transferring of data replication between the different DFS locations. This is just a type of data storage. It may be something you see on the exam as well. So quick question.

We have a lot of exam questions on this one so, this is kinda helpful. You need to use the Netsh command to forget a network. Which of the following is true regarding the Netsh command? Choose all that apply. So how many people think A, it must be typed in an elevated Windows PowerShell session is one of those that apply? How about B, it must be typed at a command prompt? How about C, it must be typed at a command prompt with elevated privileges? So Netsh, okay. How about D? You must use a parameter wlan delete profile = , anybody? E, you must use the parameter wlan remove profile, profile name. I can kind of see it. So yeah I think you guys got it. So it's C and E. One is the command prompt with elevated privileges cuz you want to run the Netsh command. It will prompt you and then you will basically be in the administrative, be able to change something administratively. And then you want to run the remove command to actually remove a profile name. It requires elevation.

Data access protection is another section. We've seen this again. They talk about file shares, the difference between file shares and folder shares. And managing remote access with VPN. We saw this is nothing new. VPN connections are very important. Know the difference between those different VPN protocols, PP2P, L2TP and SSTP and IKEv2. I also mentioned authentication protocols as well. PAP versus EAP and CHAP, I've listed them out here because I want you to, when you get a chance, go through, kinda read about it. Cuz there's a lot of information around the VPN connections. They expect you to know which one is more secure, which one uses password, which ones require certificates in the authentication protocols. >> And what kind of certificates. >> And what kind of certificates are needed.

And whether they're talking on two different servers, so this is a section that covers that. And designing for VPN, we talked about the two types of VPN connections, and the more important thing to know about this VPN, is knowing that in the Windows 10 console, you have different options to show for both VPN and broadband tethering. Here, we show you broadband tethering, being able to take a mobile device or some other device and connect it into your Windows 10 to be able to use that network to browse the internet or have access to the web. And then the VPN options for designing a remote authentication. You see the drop down gives you those options to select what sort of network you need. In the business case, or the business scenario, you're looking for scenarios where you want to, you know provide the most secure solution as opposed to something you're doing in the lab.

And typically you wanna stick to something like an SSTP connection where you have secure socket tunneling. Or deciding on whether you're gonna use MS-CHAP or EAP. Being supported, EAP being the most secure component. This is an example of VPN reconnect. In other words if you lose connection you automatically get reconnected. We know that the auto VPN is something that's fairly new. We've seen that happened now. I don't know how much of that you'll get tested on. But it's good to know that it actually works and you can set it up that way. Remote Desktop Settings are also tested on. >> Yes. >> Nothing new, we were gonna suggest again that you know each one of these tabs Display, Local Resources, Experience and Advanced. All of them have different settings. If they ask you about it, they're expecting you to sort of just know what that looks like.

Rather than me going through each one of these with you personally, it's simple enough to kind of see what's in the Remote Desktop Connection and see what type of questions they might ask. For example being able to map your local drive or use copy and paste from your remote session to the current session you're on. Or save your settings. >> Or use some proxy settings and stuff, yeah. >> Power options come up again. Know your Power CFG and how to set your system in to Standby or Hibernate or enable it or how to even print out your Energy Report, how much battery you're consuming. This is a good example of that. This shows your available power settings. Everyone has it on their system. Just type in powercfg space slash question mark. And you'll get all the commands that you need to test with.

This is something you're tested on an exam as well. And the Disk Management Tools. >> Yeah this parts now are also some Cmdlets available from From PowerShell of course, Get-Disk, and the old one is DarkPart with the ANSII file with the /s. And then put in the answer file. So just use DiskPart slash question mark, and you will get all the options, what's possible, use the Get-Disk from the PowerShell Cmdlet help also with the examples and get a little bit familiar with them. Also here the same story as you have in the command prompt translation, the tools to PowerShell, right? We also see configuring Windows to Go as an option, basically setting up Windows to Go. You need to have some sort of external drive connected. It'll ask you where you want to put the files for the Windows to Go setting. Make sure you know what those options are.

Here's another question. Which of the following is the most secure password-based authentication protocols supported by VPN? >> Is it A? >> Is it A, anybody think it's A, EAS-MSCHAPv2? >> Okay. >> B, PAP. >> PAP. No. >> C, MSCHAPv2. >> No. >> D, CHAP. >> D, CHAP. >> And E, SPAP, secure PAP. It's not secure PAP, but. Nope, looks like it's A but it's actually D, CHAP. It's uses the password-based authentication and it's the most secure component of that piece of any of those certificates use the password-based authentication protocol with the VPN client. Okay, remote app, now this section actually goes into remote app, the interesting thing is actually something that we may not be seeing. But it's still on the exam and it's something that you're gonna be test on.

What they're looking to understand is if you understand the difference between on cloud access to remote applications versus on-prem. >> Okay, the on-prem side is still available, right? >> Yes. >> The Microsoft just shut it down there in cloud RemoteApp. But there are still some question about that. >> Yes, there are questions on the exam. So know the difference between Azure RemoteApp, RDS, VDI and session-based hosting. We do have a slide in here that talks about RemoteApp, what it looks like and the ability to basically use it. And we also have, being able to deploy apps which I believe Miracle showed earlier. And having what we call deep linked applications to things like iOS and Android. Where you send the user to the Android or iOS store to access the application. UE-V also comes up as part of the section understanding how to setup user environment and user experience virtualization.

Which is your new version of what we call roaming profiles. The fact that you can set it up to copy Windows settings and templates, store it and have that availability from one machine to another. It's the same technology that they use in the sync settings that allow you to have your data moved from one Windows 10 machine to another. It stores it up in a shared cloud location and where your account is. So they don't say it's UE-V, but it has the same technology. And that is something that they ask about when you're thinking about visualizing user settings. UE-V is the one that you wanna think about. This shows you that engine and something to keep in mind. >> So UE-V is now in the Windows 10 1607 version implemented. But the questions in the test is just about the old UE-V with the old commands, not with the new ones. >> So this is the old UE-V with the old command. >> Yes.

>> So we put them here so that you know about it. The type of questions they ask, setting it up, how to make sure it's syncing and all that fun stuff. Question 8 is managing apps. Which of the following lets you store and manage applications on your own network? Anybody wanna guess? While also making them available to users on a multiple platform. >> D, others? >> A, anybody think A? >> A? >> Let's you store and manage applications on your own network servers while also making them available to use as a multiple platform. Okay, so it's A. I'm gonna save time cuz we're running late on time. >> What if the platforms means also in other- >> Android and iOS, exactly. So yeah, the term multi-platform is what you have to think about and the ability to kind of digress.

The last section on this exam is managing updates. Managing updates and recovery. We saw Windows file history show up as a component to think about. Make sure you know how to use back the file history. The fact that data has to be placed on a storage somewhere on a separate drive. So when you do the restore it's available. Here's the restore component as well. >> From OneDrive? >> Yep. We talked about using Windows updates and servicing updates and what that looks like, being able to know the difference between. When you're getting an update versus a future upgrade and a future update, servicing update. Terminology has changed a little bit. But for this exam, feature upgrade and servicing updates are considered the terminology that you need to know. Update settings and Windows update policies. We talk about just knowing the difference between what that is.

Current Branch versus Current Branch for Business versus LTSB. Current Branch meaning the ones that the end user typically has access to. Current Branch for Business you typically deblay it by four months and then the business actually gets it. It's already been tested, it's sort of a ladder. The same version that's tested that's been run for over four months. And then all the LTSB are more for like things like kiosk machines, older machines, machines that you don't typically expect to have a lot of changes. And we mentioned this at the very beginning. >> Here also, for the new Microsoft change, you can see, it's a four month and eight month and 12 month. But now it is 16 month with the new Windows 10, right? So, the question about that is the old way of the 12 month cycle, right? So how's that doing in background? >> So the last two or three slides have focused on managing updates and we kind of showed you where those settings are. So when you do have the slides, just make sure that you're going through what those updates look like. The ability to use different components to get updates, we've listed out a number of them.

Know the difference between WSUS, Group Policy, Configuration Manager. And how all of them actually service updates to the end user and in which scenario you'd use one versus the other. We mentioned Update History being able to see that and the actual Control Panel under the Add and Remove Programs, it's still available. And you can see it in the new UI as well and the service branch comparison. >> A side note here, there are also some new templates available for WSUS Management. There are Windows update client management on a client himself. >> Okay, I'm gonna skip this one because of time. >> Yeah. >> And so not new technology. >> Not new. >> GPOs, you'll get asked about GPOs, we put this in this deck because we want a reference for you to make sure that your aware of it. The ADK, it tells you about whats all in the tools as well and being able to use Windows Recovery.

The ability to be able to reset your system, being able to either do it through keeping your personal files or cleaning up the machine completely. This is the latest way of managing. It's called Reset, it used to be Refresh and Reset. Now it's just Reset this PC, keep my personal files or remove everything. >> Also use the provisioning files to get the company information of the device. >> Yeah. And then last one is just the Device and Credential Guard, right? New features in Windows 10, they're both technologies are required to use. They need UEFI 2.3.1. And they all need these as a requirement to make sure that they're working. They're still alive and functioning in the exam itself, much of the components are being written into newer terms. >> This is just a side note slide, so there are no question that I know in the exam. That's just for the new technology, have a look on them and get familiar with them, that's the future of security about devices.

>> So our intention was to make sure that we walk through the 70-697 exam. Again, you can see there's a lot of content and we wanted you to be able to walk away with as much information as you can. The intention is that these slides would be available for you guys on the Ignite Channel, so that you can actually pull it down and use it for studying. If you need it earlier there, if you're preparing to take the exam, please let me know. And we'll see what we can do to get it for you. And again, just to break down the topics. We've also listed a number of different sessions that are available, particularly for this Ignite that you can actually go to and prepare you for the exam. Most of them dealing with managing devices and as well as the 76-97 exam ref book on the Microsoft Press Store. Again, thank you for staying this long, I really appreciate it. And before anybody leaves, I wanna get a selfie. Is that okay? >> [LAUGH] >> All right.

I've been trying to get one. You guys get to be in it. You get to be in it too, but. >> [LAUGH] >> [LAUGH] >> Okay, thank you for listening. >> Thank you for listening, [INAUDIBLE]. But don't leave. >> [APPLAUSE] >> All right, let's get one real quick. Wait, you got to turn it the other way. You guys still there? >> [LAUGH] >> One, two, don't do that. >> [LAUGH] >> Three. All right. Again, thanks guys for coming, we really appreciate it. >> Have a nice week..