Prise de note certification 70-697

Create 31st mai 2017 (updated 31st mai 2017)


Support Windows Store and cloud apps

Install and manage software by using Microsoft Office 365 and Windows Store apps, sideload apps by using Microsoft Intune, sideload apps into online and offline images, deeplink apps by using Microsoft Intune, integrate Microsoft account including personalization settings

  • Package Office
    • Telecharger « Office Deployment tools »
    • Modifier le fichier de configuration « confiduration.xml »
    • Telecharger les sources office avec setup.exe /download
    • Installer avec setup.exe /configure
    • Creation d’un package AppV avec setup /packager
  • Installation sur Azure

Licence : <property Name = « SharedComputerLicencing » Value = « 1 »/>

  • AppV
    • Autoriser le mode offline : Disconnected operation mode
  • APPLocker
    • Test AppLocker Policy => From Group Policy : enforce the new AppLocker policy in Audit mode


Support authentication and authorization

Identifying and resolving issues related to the following: Multi-factor authentication including certificates, Microsoft Passport, virtual smart cards, picture passwords, and biometrics; workgroup vs. domain, Homegroup, computer and user authentication including secure channel, account policies, credential caching, and Credential Manager; local account vs. Microsoft account; Workplace Join; Configuring Windows Hello

  • Interdire la synchronisation => GPO : Block Mcrosoft Account : Users can’t add or log on with Microsoft Account

Migrate and configure user data

Migrate user profiles; configure folder location; configure profiles including profile version, local, roaming, and mandatory

Configure Hyper-V

Create and configure virtual machines including integration services, create and manage checkpoints, create and configure virtual switches, create and configure virtual disks, move a virtual machine’s storage


The Invoke-Command cmdlet runs commands on a local or remote computer and returns all output from the commands, including errors. By using a single Invoke-Command command, you can run commands on multiple computers.

To run a single command on a remote computer, use the ComputerName parameter. To run a series of related commands that share data, use the New-PSSession cmdlet to create a PSSession (a persistent connection) on the remote computer, and then use the Session parameter of Invoke-Command to run the command in the PSSession. To run a command in a disconnected session, use the InDisconnectedSession parameter. To run a command in a background job, use the AsJob parameter.

You can also use Invoke-Command on a local computer to evaluate or run a string in a script block as a command. Windows PowerShell converts the script block to a command and runs the command immediately in the current scope, instead of just echoing the string at the command line.

To start an interactive session with a remote computer, use the Enter-PSSession cmdlet. To establish a persistent connection to a remote computer, use the New-PSSession cmdlet.

Configure mobility options

Configure offline file policies, configure power policies, configure Windows To Go, configure sync options, configure Wi-Fi direct, files, powercfg, Sync Center

  • Windows To GO
    • Depuis Windows to Go voir le disque du PC => Diskpart configure san policy
    • Depuis le PC voir le disque Windows to go => DIskpart configure attributes volume
  • Powercfg
    • Import et export => Exporter ou importer une configuration de gestion d’alimentation
    • -s ou -setactive => Active le mode de gestion de l’alimentation spécifié
    • -x ou -change => Modifie une valeur de paramètre dans le mode de gestion de l’alimentation actuel

Configure security for mobile devices

Configure BitLocker, configure startup key storage

  • Necessite une puce TPM 1.2 ou 2.0
    • Pré requis pour les « virtual Smart Cards »
  • Sans puce TPM : GPO : « Require Additional authentification at startup »
  • Debloquer un disque (non systeme) pour un PC dans l’AD
    • Besoin du nom de l’ordinateur
    • Lancer la commande : manage-bde-unlock E:pw

Support mobile devices

Support mobile device policies including security policies, remote access, and remote wipe; support mobile access and data synchronization including Work Folders and Sync Center; support broadband connectivity including broadband tethering and metered networks; support Mobile Device Management by using Microsoft Intune, including Windows Phone, iOS, and Android

Deploy software updates by using Microsoft Intune

Use reports and In-Console Monitoring to identify required updates, approve or decline updates, configure automatic approval settings, configure deadlines for update installations, deploy third-party updates

  • Paramétres d’agent Intune
    • Desactivation du prompt de redemarrage
    • Allow Immediate installation of updates that do not interrupt Windows
  • Désinstallatoin
    • ProvisioningUtil.exe command
  • Windows Configuration Policy
    • Minimum Classification of update to install automatically
    • Resuire automatic updates
  • Configuration dans SCCM
    • Configurer le role « Microsoft intune Connector »
    • Creation du « Microsoft Intune subscription »
  • Changement du groupe parent d’un groupe existant : impossible, il faut le supprimer et le recreer
  • Gestion iOS
    • Necessite « Apple Push Notification Certificate »
  • Enregistrement

Manage devices with Microsoft Intune

Provision user accounts, enroll devices, view and manage all managed devices, configure the Microsoft Intune subscriptions, configure the Microsoft Intune connector site system role, manage user and computer groups, configure monitoring and alerts, manage policies, manage remote computers

Configure IP settings

Configure name resolution, connect to a network, configure network locations

  • Netsh
    • Add address => ajouter une adresse IP sur une carte reseau
    • Set interface => modifie les paramétres d’une carte reseau
    • Set adress => modifie une adresse IP sur une carte reseau

Configure networking settings

Connect to a wireless network, manage preferred wireless networks, configure network adapters, configure location-aware printing

Configure and maintain network security

Configure Windows Firewall, configure Windows Firewall with Advanced Security, configure connection security rules (IPsec), configure authenticated exceptions, configure network discovery

Support data storage

Identifying and resolving issues related to the following: DFS client including caching settings, storage spaces including capacity and fault tolerance, OneDrive

Support data security

Identifying and resolving issues related to the following: Permissions including share, NTFS, and Dynamic Access Control (DAC); Encrypting File System (EFS) including Data Recovery Agent; access to removable media; BitLocker and BitLocker To Go including Data Recovery Agent and Microsoft BitLocker Administration and Monitoring (MBAM)

  • Application Control Policy
    • Necessite le service : Application identity

Configure shared resources

Configure shared folder permissions, configure HomeGroup settings, configure libraries, configure shared printers, configure OneDrive

Configure file and folder access

Encrypt files and folders by using EFS, configure NTFS permissions, configure disk quotas, configure file access auditing Configure authentication and authorization

Configure remote connections

Configure remote authentication, configure Remote Desktop settings, configure VPN connections and authentication, enable VPN reconnect, configure broadband tethering

  • Bureau à distance
    • Utilisation de « Gateway IP address » 

Configure mobility options

Configure offline file policies, configure power policies, configure Windows To Go, configure sync options, configure Wi-Fi direct

Deploy and manage Azure RemoteApp

Configure RemoteApp and Desktop Connections settings, configure Group Policy Objects (GPOs) for signed packages, subscribe to the Azure RemoteApp and Desktop Connections feeds, export and import Azure RemoteApp configurations, support iOS and Android, configure remote desktop web access for Azure RemoteApp distribution

Support desktop apps

The following support considerations including: Desktop app compatibility using Application Compatibility Toolkit (ACT) including shims and compatibility database; desktop application co-existence using Hyper-V, Azure RemoteApp, and App-V; installation and configuration of User Experience Virtualization (UE-V); deploy desktop apps by using Microsoft Intune

Configure system recovery

Configure a recovery drive, configure system restore, perform a refresh or recycle, perform a driver rollback, configure restore points

Configure file recovery

Restore previous versions of files and folders, configure File History, recover files from OneDrive

Configure and manage updates

Configure update settings, configure Windows Update policies, manage update history, roll back updates, update Windows Store apps


Laisser un commentaire

Ce message a été modifié par david le 31 mai 2017.

Cet article n'a pas été revu depuis la publication.

Cet article a été créé par david le 31 mai 2017.