Overnight I received notification that the results were in for those who sat the beta version of the 70-398 Planning For And Managing Devices In The Enterprise, and thankfully I’d managed to get through. One of the hardest parts of preparing for beta exams is that you don’t have much to go by in terms of specific preparation content. More often than not in my case it turns into a somewhat chaotic effort to pull together a diverse range of resources that hopefully match what the exam needs, which can end up being something of a never ending series of rabbit holes to try to cover all of the exam objectives.



Here are the objectives for the exam as they currently stand.

Much like the 70-697 Windows 10 exam, it’s important to note that this is not a pure Windows client exam. There are many server and cloud technologies that Windows 10 integrates with that you will be tested on, so don’t underestimate the importance of these.

Design for cloud/hybrid identity (15–20%)

  • Plan for Azure Active Directory (AD) identities
    • Design Azure AD identities; Active Directory integration; Azure Multi-Factor Authentication; user self-service from the Azure Access Panel; Azure AD reporting; company branding; design Azure AD Premium features, such as Cloud App discovery, group-based application access, self-service group management, advanced security reporting, and password reset with write-back
  • Design for Active Directory synchronization with Azure AD Connect
    • Design single sign-on, Active Directory Integration scenarios, and Active Directory synchronization tools; plan for Azure AD Synchronization Services; design for Connect Health

Design for device access and protection (15–20%)

  • Plan for device enrollment
    • Design device inventory, mobile device management authority, device management prerequisites, and device enrollment profiles
  • Plan for the Company Portal
    • Customize the Company Portal and company terms and conditions; design configuration policies, compliance policies, conditional access policies, Exchange ActiveSync policies, and policy conflicts
  • Plan protection for data on devices
    • Design for protection of data in email and SharePoint when accessing them from mobile devices, design for protection of data of applications by using encryption, design for full and selective wipes

Design for data access and protection (15–20%)

  • Plan shared resources
    • Design for file and disk encryption and BitLocker encryption; design for the Network Unlock feature; configure BitLocker policies; design for the Encrypting File System (EFS) recovery agent; manage EFS and BitLocker certificates, including backup and restore
  • Plan advanced audit policies
    • Design for auditing using Group Policy and AuditPol.exe, create expression-based audit policies, design for removable device audit policies
  • Plan for file and folder access
    • Design for Windows Server Dynamic Access Control, Web Application Proxy, and Azure Rights Management service (RMS)

Design for remote access (15–20%)

  • Plan for remote connectivity
    • Design remote authentication, configure Remote Desktop settings, design VPN connections and authentication, enable VPN reconnect, configure broadband tethering
  • Plan for mobility options
    • Design for offline file policies, power policies, Windows to Go, sync options, and Wi-Fi direct

Plan for apps (15–20%)

  • Manage RemoteApp
    • Design RemoteApp and Desktop Connections settings, configure Group Policy Objects (GPOs) for signed packages, subscribe to the Azure RemoteApp and Desktop Connections feeds, export and import Azure RemoteApp configurations, support iOS and Android, configure Remote Desktop Web Access for Azure RemoteApp distribution
  • Plan app support and compatibility
    • Design for desktop app compatibility using Application Compatibility Toolkit (ACT), including shims and compatibility database; design desktop application co-existence using Hyper-V, Azure RemoteApp, and App-V; install and configure User Experience Virtualization (UE-V); plan for desktop apps using Microsoft Intune

Plan updates and recovery (15–20%)

  • Plan for system recovery
    • Design for the recovery drive, system restore, refresh or recycle, driver rollback, and restore points
  • Plan file recovery
    • Design for previous versions of files and folders, design File History, recover files from OneDrive
  • Plan device updates
    • Design update settings and Windows Update policies, manage update history, roll back updates, design for Windows Store apps updates