Hope this post finds you healthy and fit. I was checking interview questions for SCCM or MECM lately and found that most of blogs have repetitive questions and mostly are outdated. I was part of interview panel myself since years so thought to compile few latest questions for your benefits as per my experience.
- MECM is new name of SCCM. I have used SCCM throughout the post because this name was present for decade and most people are not aware of change in nomenclature. Please read SCCM as MECM.
- I have written short answers. If questions excites you, please do some deep dive around it. There are lot of materials on my blog itself and also online.
- Read all the logs. They are most important for interviews.
- This post of for L1 and L2 post with 0-5 years of experience. I will soon compile a post with questions for experienced professional.
- I will try to keep questions updated.
So here we go with questions and answers:
- What is SCCM?
SCCM stands for System Center Configuration Manager. Its new name is Microsoft Endpoint Configuration Manager. It is a software management product developed by Microsoft. This tool allows users to manage Windows-based systems.
- What are key functionalities of SCCM?
- Software patching
- Operating system deployment
- Software deployment
- Software metering
- Compliance management
- Asset intelligence
- Endpoint protection policies
- What is the central site?
A central site is the SCCM primary site, which resides at the top of the hierarchy of the configuration manager. The database of the central site collects all the information rolls from child to parent.
- What is primary site?
Primate site is the one where clients report. It has its own SQL server. It can never be parent of another primary site since SCCM 2012.
- What is secondary site?
Its is site which is used for client management by managing traffic from primary site to client. It should be replaced with distribution point to decrease site hierarchy complexity.
- What is discovery?
Discovery is used to discover devices, users and groups from primarily AD. Discovery methods are:
- Active directory system group discovery
- Active directory security group discovery
- Active directory user discovery
- Network discovery
- Heartbeat discovery
- Active directory system discovery.
- Explain boundaries in SCCM
Boundary is a network location containing device which SCCM can manage. It can be based on active directory site name, IP subnet, an IP address range, or IPv6 Prefix.
- Explain boundary group in SCCM?
Boundary group are collection of boundaries used for content localization and site assignment for clients
- Can we have overlapping boundaries in boundary group?
Yes, it is possible but not recommended for site assignment.
- What is site system?
A site system a server where SCCM roles are hosted
- What is the site server?
The site server is the system SCCM is installed.
- What is management point?
It is a site system used for providing policies to SCCM clients
- What is distribution point?
It is site system used to distribute content to SCCM clients.
- My company already has WSUS? Why should I use SCCM?
SCCM provides you control and flexibility for example pushing updates is not possible through WSUS where it is pull from clients.
- What is SCCM current branch?
Microsoft release SCCM new version few times a year. They are called current branch or CB.
- Can internet-based clients be managed by SCCM?
Yes, through IBCM and CMG
- What is CMG?
It stands for cloud management gateway. Its extension of management point over cloud.
- What is CDP?
It stands for cloud distribution point. It is distribution point over cloud.
- What is CM pivot?
It is new functionality of SCCM used to perform real time query on clients
- Can we use SCCM for Windows 10 feature update?
Yes, through task sequence or servicing.
- What is task sequence?
It is group of sequence of action we need to perform on client. It is mostly used for operating system deployment and sometime for application and patch deployment.
- What is co-management?
Co-management is the way to manage clients through SCCM and Intune simultaneously. This is done by transferring some workloads to Intune.
- What is phased deployment?
Phased deployment is way to deploy task sequence, applications or patches in phases. For example, first to pilot and based on success percentage to production devices in waves.
- Can we deploy SCCM server in high availability?
Yes, its possible where once instance remains in passive mode.
- Can you run scripts through SCCM?
Yes, it’s possible.
- How can you expand inventory of SCCM agent?
By extending mif and mof files
- What is advantage of using SCCM application over package?
Applications have additional benefits such as dependencies, requirement rules, detection methods, and user device affinity. Application provides additional user centric functionality by creating deployment types.
- How to convert packages to application
Microsoft tool – Package conversion manager can be used.
- Can we use SCCM for bit locker management?
Yes, its possible since SMM 1910. It can replace MBAM.
- Why do we use Desktop analytics?
Desktop analytics is used to plan and deploy Windows 10 feature update.
- How can we do third party update using SCCM?
Earlier we used to use tools like SCUP. Third party updates are now inheritedly supported in SCCM. New features are added from SCCM 1910.
- What is automatic deployment rule?
ADR is predefined setting to create software update group automatically with other settings as deployment schedule and deployment package.
- Should we use Microsoft drivers or OEM drivers during imaging?
OEM drivers are preferred.
- What is sysprep?
Sysprep is used to omit machine specific information from image.
- Can we UDI to end used for imaging?
Yes, its possible using MDT or third part as 1E WSS.
- Can we perform imaging over VPN?
Its possible using customized script or third part tools as 1E WSS.
- What is autopilot?
Autopilot is way to automate and preconfigure Windows 10 machines. It can also be used to reset and recover devices.
- What is AAD?
Azure AD is AD service on cloud which is used to provide identity service to cloud based product as Microsoft 365, Azure and Intune.
- What is Hybrid AD join?
Hybrid AD join is when machine joins AD domain as well as registered in AAD.
- What is Intune?
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).
- What is Microsoft Endpoint Manager?
Microsoft Endpoint Manager (MEM) is the new offering from Microsoft which includes Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, and Windows Autopilot.
- Explain pull DP?
Pull DP are the DPs whose content source is another DP like clients. It reduces the burden of site server and can be utilized for better content management.
- What is RBAC?
RBAC or Role based administration control is used to ensure user can view and work only on the parts for which he has permission.
- What are compliance settings?
Compliance settings gives the tools and resources to manage the configuration and compliance of devices. You can configure a baseline and ensure clients are compliant to it.
- What is Microsoft Defender ATP?
Microsoft Defender ATP helps to detect, investigate, and respond to advanced attacks on networks. SCCM can be used to onboard and monitor Windows 10 clients.