πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided MD-102 Domain 2
Domain 2 β€” Module 8 of 10 80%
15 of 27 overall

MD-102 Study Guide

Domain 1: Prepare Infrastructure for Devices

  • Device Identity: Join, Register & Hybrid Free
  • Build the Right Device Groups
  • Intune Enrollment Essentials Free
  • Auto-Enrollment & Bulk Enrollment
  • Intune RBAC & Windows Hello for Business
  • Compliance Policies & Conditional Access
  • Windows LAPS & Local Group Management

Domain 2: Manage and Maintain Devices

  • Windows Autopilot: Choose Your Path Free
  • Autopilot: Device Names, ESP & Rollout
  • Provisioning Packages & Windows 11 Upgrades
  • Windows 365: Your PC in the Cloud
  • Configure Windows Devices with Intune
  • Config Profiles: Android, iOS & macOS
  • Control Admin Rights with EPM
  • Intune Suite: Apps, Analytics & Remote Help
  • Cloud PKI & Tunnel for MAM
  • Remote Actions & Device Queries

Domain 3: Manage Applications

  • App Deployment: Prepare & Package
  • Deploy Apps with Intune & App Stores
  • Microsoft 365 Apps: Deploy, Customize & Manage
  • App Protection Policies & Conditional Access
  • App Configuration: Managed Apps & Managed Devices

Domain 4: Protect Devices

  • Endpoint Security: Antivirus, Firewall & Encryption
  • Attack Surface Reduction & Security Baselines
  • Defender for Endpoint: Integrate & Onboard
  • Plan and Manage Windows Updates
  • Cross-Platform Updates & Delivery Optimization

MD-102 Study Guide

Domain 1: Prepare Infrastructure for Devices

  • Device Identity: Join, Register & Hybrid Free
  • Build the Right Device Groups
  • Intune Enrollment Essentials Free
  • Auto-Enrollment & Bulk Enrollment
  • Intune RBAC & Windows Hello for Business
  • Compliance Policies & Conditional Access
  • Windows LAPS & Local Group Management

Domain 2: Manage and Maintain Devices

  • Windows Autopilot: Choose Your Path Free
  • Autopilot: Device Names, ESP & Rollout
  • Provisioning Packages & Windows 11 Upgrades
  • Windows 365: Your PC in the Cloud
  • Configure Windows Devices with Intune
  • Config Profiles: Android, iOS & macOS
  • Control Admin Rights with EPM
  • Intune Suite: Apps, Analytics & Remote Help
  • Cloud PKI & Tunnel for MAM
  • Remote Actions & Device Queries

Domain 3: Manage Applications

  • App Deployment: Prepare & Package
  • Deploy Apps with Intune & App Stores
  • Microsoft 365 Apps: Deploy, Customize & Manage
  • App Protection Policies & Conditional Access
  • App Configuration: Managed Apps & Managed Devices

Domain 4: Protect Devices

  • Endpoint Security: Antivirus, Firewall & Encryption
  • Attack Surface Reduction & Security Baselines
  • Defender for Endpoint: Integrate & Onboard
  • Plan and Manage Windows Updates
  • Cross-Platform Updates & Delivery Optimization
Domain 2: Manage and Maintain Devices Premium ⏱ ~11 min read

Intune Suite: Apps, Analytics & Remote Help

The Intune Suite adds enterprise capabilities beyond standard Intune β€” an enterprise app catalog, advanced analytics for device health, and remote help for real-time support.

The Intune Suite at a glance

β˜• Simple explanation

Imagine you run an office building. Standard Intune gives you door locks and security badges.

The Intune Suite adds three extras to this module:

  • Enterprise App Catalog = a pre-stocked supply room. Instead of ordering every pen, stapler, and printer cartridge individually (packaging each app manually), the supply room has hundreds of items ready to grab (pre-packaged apps with automatic updates).
  • Advanced Analytics = a building health dashboard. It tells you which lifts are running slow, which floors have power issues, and which rooms are too hot β€” before tenants complain. For devices, it spots slow boot times, app crashes, and battery degradation before users call the helpdesk.
  • Remote Help = a maintenance worker who can walk into any room via a security camera feed. They can look around (view-only) or pick up tools and fix things (full control) β€” all with the tenant’s permission and a full audit log.

The Microsoft Intune Suite is a set of add-on capabilities that extend standard Intune (Plan 1). The Suite includes EPM (Module 14), Cloud PKI, Enterprise App Catalog, Advanced Analytics, and Remote Help. Tunnel for MAM (Module 16) is available through the Suite or Intune Plan 2.

Most Suite features require the Intune Suite add-on licence specifically β€” Intune Plan 2 covers only a subset (Tunnel for MAM and some Analytics features).

Enterprise App Catalog

What is it?

A curated catalog of pre-packaged third-party apps that Intune maintains and updates. Instead of manually downloading, packaging, and uploading apps like 7-Zip, Zoom, or Adobe Reader, you select them from the catalog and Intune handles the rest.

FeatureWithout CatalogWith Enterprise App Catalog
App packagingAdmin downloads .exe/.msi, wraps with IntuneWinAppUtilPre-packaged by Microsoft
UpdatesAdmin manually uploads new versionsIntune auto-updates catalog apps
Detection rulesAdmin creates custom rulesPre-configured
Install commandsAdmin definesPre-configured
Effort per app30-60 minutes2 minutes (select and assign)

How to use it

  1. Intune admin center β†’ Apps β†’ All apps β†’ Add β†’ Enterprise App Catalog app
  2. Browse or search the catalog (hundreds of popular apps)
  3. Select the app β†’ configure assignment (required/available)
  4. Assign to device or user groups
  5. Intune handles download, install, and updates

Riko at Pixel and Co saves hours by deploying Zoom, Slack, and Adobe Creative Cloud from the catalog instead of packaging each one manually.

Advanced Analytics

What is it?

Advanced Analytics provides deep insights into device health, performance, and user experience beyond what standard Endpoint Analytics offers.

FeatureStandard Endpoint AnalyticsAdvanced Analytics (Suite)
Startup performanceYesYes + anomaly detection
App reliabilityBasicEnhanced with crash analytics
Device query (KQL)NoYes β€” real-time KQL queries
Battery healthNoYes
Custom reportsLimitedFlexible custom reporting
Anomaly detectionNoYes β€” AI-powered alerts

Key capabilities

  • Anomaly detection β€” automatically identifies devices behaving unusually (sudden battery drain, app crashes, slow boot times) and alerts admins
  • Device query β€” run real-time KQL (Kusto Query Language) queries against enrolled devices to check installed apps, running services, hardware details (covered more in Module 17)
  • Battery health reports β€” track battery degradation across the fleet to plan hardware replacements
πŸ’‘ Exam tip: device query uses KQL

Advanced Analytics enables real-time device queries using KQL (Kusto Query Language). This lets admins query live device data without waiting for inventory sync:

  • Check which apps are installed on a device right now
  • Find devices with a specific registry key
  • List running processes on a device

KQL queries run on-demand against the Intune management extension on the device. This is a powerful troubleshooting tool that the exam may test. We cover KQL queries in detail in Module 17.

Remote Help

What is it?

Remote Help is Intune’s built-in screen sharing and remote control tool β€” like TeamViewer or AnyDesk, but integrated with Entra ID authentication and Intune RBAC.

How it works

  1. Helpdesk agent initiates a session from the Intune admin center or Remote Help app
  2. User receives a session code or direct connection prompt
  3. User approves the connection (consent required)
  4. Agent can view the screen, take full control, or elevate to admin
  5. Session ends and is logged with audit trail

Key features

FeatureWhat It Does
View-only modeSee the user’s screen without taking control
Full controlControl mouse and keyboard on the user’s device
Unattended accessConnect to devices without a user present (for kiosks/shared devices)
ElevationRun elevated commands during a Remote Help session
Entra ID authenticationBoth helpdesk agent and user authenticate via Entra β€” no separate accounts
RBAC enforcementOnly users with the Helpdesk Operator role (or custom role) can initiate sessions
Audit loggingEvery session is logged: who connected, when, duration, actions taken
ℹ️ Deep dive: Remote Help vs third-party tools

Why would you use Remote Help instead of TeamViewer or AnyDesk?

  • Entra ID integration β€” no separate accounts or licences for a remote tool
  • RBAC enforcement β€” Intune roles control who can help whom
  • Conditional access β€” sessions can require compliant devices for both parties
  • Compliance β€” audit logs flow into Intune, not a separate dashboard
  • No third-party dependency β€” fewer vendors, fewer security risks

The trade-off: Remote Help only works with Intune-enrolled devices. For unmanaged devices, you still need a third-party tool.

🎬 Video walkthrough

🎬 Video coming soon

Intune Suite: Apps, Analytics & Remote Help β€” MD-102 Module 15

Intune Suite: Apps, Analytics & Remote Help β€” MD-102 Module 15

~11 min

Flashcards

Question

What is the Enterprise App Catalog in Intune?

Click or press Enter to reveal answer

Answer

A curated catalog of pre-packaged third-party apps (Zoom, Adobe Reader, 7-Zip, etc.) maintained by Microsoft. Admins select apps from the catalog and Intune handles packaging, installation, detection rules, and updates β€” saving hours of manual app packaging.

Click to flip back
Question

What does Intune Advanced Analytics add beyond standard Endpoint Analytics?

Click or press Enter to reveal answer

Answer

AI-powered anomaly detection, real-time device queries using KQL, battery health reports, enhanced app crash analytics, and custom reporting. Standard Endpoint Analytics covers startup performance and basic app reliability.

Click to flip back
Question

How is Remote Help different from third-party tools like TeamViewer?

Click or press Enter to reveal answer

Answer

Remote Help integrates with Entra ID authentication, Intune RBAC roles, conditional access, and Intune audit logging. No separate accounts or licences needed. Trade-off: only works with Intune-enrolled devices.

Click to flip back

Knowledge Check

Knowledge Check

Riko needs to deploy Zoom to 80 devices at Pixel & Co. She used to manually download Zoom, package it with IntuneWinAppUtil, create detection rules, and upload it β€” taking an hour each time Zoom updates. What Intune Suite feature simplifies this?
Knowledge Check

A helpdesk agent at Pixel & Co needs to connect to a designer's Mac to troubleshoot an issue. The agent wants to see the screen and take control. The Mac is enrolled in Intune. What should the agent use?

Next up: Cloud PKI & Tunnel for MAM β€” certificate-based authentication and VPN access for managed apps.

← Previous

Control Admin Rights with EPM

Next β†’

Cloud PKI & Tunnel for MAM

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.