Pass Your Microsoft 70-703 Exam Easy!

Microsoft 70-703 (Administering Microsoft System Center Configuration Manager and Cloud Services Integration) exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Microsoft 70-703 Administering Microsoft System Center Configuration Manager and Cloud Services Integration exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Microsoft 70-703 certification exam dumps & Microsoft 70-703 practice test questions in vce format.

Decoding the 70-703 Exam: A Guide to SCCM and Cloud Integration

The Microsoft 70-703 exam, "Administering Microsoft System Center Configuration Manager and Cloud Services Integration," was a key certification for IT professionals specializing in enterprise endpoint management. As part of the prestigious MCSE: Mobility track, this exam validated a deep set of skills in managing devices, applications, and updates using Configuration Manager. Crucially, it also marked a significant industry shift by focusing on the integration of this powerful on-premises tool with cloud services like Microsoft Intune.

Although the 70-703 exam is now retired, the technologies and principles it covered are more relevant than ever. The product formerly known as SCCM is now part of the Microsoft Endpoint Manager brand, and the hybrid management model tested in this exam has become the standard for modern device management. Therefore, studying the content of the 70-703 exam provides a robust and essential foundation for any administrator working with Microsoft Endpoint Configuration Manager (MECM) and Intune today.

This five-part series will serve as an in-depth guide to the core competencies that were required to pass the 70-703 exam. We will explore the fundamental architecture of a Configuration Manager hierarchy, the intricacies of client management and inventory, the deployment of applications and software updates, and the powerful capabilities of operating system deployment. A significant focus will be placed on the cloud integration pieces, which were a defining feature of this particular exam.

For any systems administrator or endpoint engineer, the skills covered in this series are not just historical curiosities; they are the bedrock of modern endpoint management. The ability to design a site hierarchy, manage content distribution, and leverage the cloud for managing internet-based clients is a critical skill set in today's distributed work environments. This guide will provide the detailed knowledge needed to master these concepts and understand the evolution of this powerful platform.

Core Concepts of Endpoint Management

Before diving into the technical specifics of the 70-703 exam, it is important to understand the fundamental purpose of an endpoint management solution like Configuration Manager. In any large organization, managing the lifecycle of hundreds or thousands of desktop computers, laptops, and servers is an immense challenge. An endpoint management system is designed to automate and centralize these tasks, bringing order and efficiency to the process.

The primary goal is to manage the complete lifecycle of a device. This starts with its initial deployment, often using an automated operating system installation process. Once a device is deployed, the system is responsible for keeping it healthy, secure, and compliant. This involves inventorying its hardware and software, deploying necessary applications, distributing monthly security updates, and ensuring that it adheres to corporate security policies.

Configuration Manager provides a single, unified console for managing all these disparate tasks. It allows an administrator to define policies and deployments that are then automatically enforced across the entire fleet of managed devices. This not only improves operational efficiency but also significantly enhances the organization's security posture by ensuring that all devices are consistently patched and configured according to best practices. The 70-703 exam was designed to validate an administrator's ability to effectively wield this powerful tool.

SCCM Architecture and Site System Roles

A thorough understanding of the Configuration Manager architecture was a non-negotiable prerequisite for the 70-703 exam. The platform is built on a hierarchical model of sites, with each site containing one or more servers that are assigned specific functions, known as site system roles. This distributed architecture is designed to be highly scalable, capable of managing hundreds of thousands of clients across a global enterprise.

The hierarchy can consist of several types of sites. A Central Administration Site (CAS) sits at the top of the hierarchy and is used for large-scale deployments to provide central administration and reporting. It does not manage clients directly. Below the CAS are one or more Primary Sites. A Primary Site is where the real work happens; it manages the clients in a specific geographical or logical region and stores their data in its own SQL database. A standalone Primary Site is the most common deployment model for many organizations.

Optionally, a Primary Site can have one or more Secondary Sites beneath it. A Secondary Site is typically used in a remote location with a slow WAN link. It helps to control the flow of network traffic by providing a local point of management and content distribution for the clients in that location.

Within each site, you deploy various site system roles. The Management Point (MP) is the primary point of communication for clients, providing them with policy and location information. The Distribution Point (DP) is responsible for storing and providing the content (applications, updates) that clients need to download. The Software Update Point (SUP) integrates with WSUS to manage the software update process. The 70-703 exam required a deep understanding of these roles and their interactions.

Designing an SCCM Hierarchy

One of the first and most important tasks in any Configuration Manager deployment is to design the site hierarchy correctly. The 70-703 exam required an administrator to understand the key factors that influence this design. A well-designed hierarchy will be performant, scalable, and easy to manage, while a poorly designed one can lead to performance bottlenecks and administrative headaches. The primary decision is whether a single, standalone Primary Site is sufficient or if a more complex, multi-site hierarchy with a CAS is required.

For most organizations, even very large ones, a single standalone Primary Site is the recommended and preferred approach. A modern Primary Site can support up to 150,000 clients, which is more than enough for the majority of enterprises. A single-site design is much simpler to manage, requires less server infrastructure, and avoids the complexities of database replication that are inherent in a multi-site hierarchy.

A hierarchy with a Central Administration Site (CAS) is only required in very specific, large-scale scenarios. The primary reason to use a CAS is if you need to manage more clients than a single Primary Site can support, or if you have complex political or administrative requirements that necessitate separate Primary Sites for different regions (e.g., North America and Europe), but you still want a single, consolidated point for reporting and administration.

Other design considerations include the placement of Secondary Sites and the distribution of the key site system roles. For example, you will need to plan the placement of your Distribution Points to ensure that clients in all your locations have a local and fast source for content downloads. The ability to analyze a set of business requirements and design an appropriate site hierarchy was a key skill for the 70-703 exam.

The Discovery Process: Finding Your Resources

Configuration Manager cannot manage a device or a user until it knows that it exists. The process of populating the SCCM database with potential management targets is called Discovery, and it was a foundational topic for the 70-703 exam. Discovery is a set of methods that you can configure to scan your network and Active Directory environment to find computer, user, and group resources.

The most common and important discovery method is Active Directory System Discovery. When you configure this method, you specify one or more locations (Organizational Units) in your Active Directory that SCCM should scan. On a schedule, it will then query the domain controllers and create a resource record in its database for every computer object it finds in those locations. This is the primary way that SCCM learns about the computers in your environment.

Similarly, there are Active Directory User Discovery and Group Discovery methods. These work in the same way but are used to discover user and group objects from Active Directory. This is essential for creating user-based collections and for deploying applications to users instead of to devices.

Another key method is Heartbeat Discovery. This is run by the SCCM client itself on a regular schedule (by default, every 7 days). The client sends a small discovery data record to the Management Point. This serves as a "I'm still alive" signal and is the primary way that the system knows that a client is still active. It is also used to trigger the data cleanup tasks that remove obsolete client records. Understanding the purpose of each of these discovery methods was critical for the 70-703 exam.

Understanding Boundaries and Boundary Groups

Once clients are discovered and the SCCM client agent is installed, they need to be able to find the key site system roles, especially the Management Points and Distribution Points. The mechanism that enables this is Boundaries and Boundary Groups. The 70-703 exam required a deep and practical understanding of how to configure these critical infrastructure components, as they are the foundation of all client communication and content delivery.

A Boundary is simply a defined network location. The most common way to define a boundary is by using an IP subnet or an Active Directory site. You would create boundaries that correspond to the different physical and logical network segments in your organization. For example, you would create a boundary for the IP subnet that is used by your main office and another for the AD site that represents your branch office.

Individual boundaries, however, do not do anything on their own. To make them useful, you must group them into a Boundary Group. A Boundary Group is a collection of one or more boundaries. You then associate your site system servers, such as your Management Points and Distribution Points, with that Boundary Group.

When a client needs to find a service, it determines which boundary it is currently in based on its network location. It then asks the site for a list of servers that are associated with the Boundary Group that contains its boundary. This is how a client in a branch office is directed to use its local Distribution Point instead of pulling content over the slow WAN link from a DP at the head office. Proper configuration of boundaries is absolutely critical for content management.

The Cloud Management Gateway (CMG)

A major focus of the 70-703 exam was the integration with cloud services, and the most important feature in this area was the Cloud Management Gateway, or CMG. The CMG was a revolutionary feature that solved a long-standing challenge for Configuration Manager: how to manage clients that are on the internet without requiring them to connect to the corporate network via a VPN.

A CMG is essentially a set of site system roles that are deployed as a Platform as a Service (PaaS) instance in Microsoft Azure. It is a lightweight and highly secure reverse proxy that runs in the cloud. The CMG service in Azure communicates with a special on-premises role called the CMG Connection Point. This connection point acts as a bridge, relaying the communication from the internet-based clients to the on-premises Management Point.

When an SCCM client is on the internet, it is configured to communicate with the CMG instead of the on-premises Management Point. All the communication is secured using certificates and is tunneled over standard HTTPS (port 443), which is typically open on most firewalls. This allows the client to continue to receive policy, send inventory data, and get information about software deployments, even when it is not on the corporate network.

The CMG can also be configured to act as a cloud-based Distribution Point. This allows internet-based clients to download content, such as application installers and software updates, directly from the cloud instead of having to connect via a VPN to pull the content from an on-premises DP. The ability to design and configure a CMG was a brand-new and critical skill for the 70-703 exam.

Initial Setup and Configuration of a Primary Site

While the 70-703 exam was not a hands-on installation test, it required a conceptual understanding of the process of setting up a new Primary Site and performing the initial configuration. A successful deployment starts with careful planning, including sizing the server hardware and the SQL Server correctly based on the expected number of clients. The installation process itself is performed using the setup wizard from the installation media.

The wizard guides you through the process of installing the necessary prerequisites, connecting to the SQL Server, and installing the core site components. After the installation is complete, the real work begins in the Configuration Manager console. There are several critical post-installation tasks that must be performed before the site is ready to manage clients.

The first step is to configure the Discovery methods, as discussed previously, to populate the database with your user and computer resources. The next critical step is to configure the Boundaries and Boundary Groups to define your network topology and to associate your site system roles with those locations. You also need to configure the client installation settings and the accounts that will be used for client push installation.

Other key initial tasks include configuring the site maintenance tasks, which are essential for keeping the database clean and performant, and configuring the backup task to ensure your site is protected. A methodical approach to this initial setup and configuration is the foundation of a healthy and stable Configuration Manager environment, and a solid understanding of these steps was a key part of the knowledge required for the 70-703 exam.

The SCCM Client: Installation and Health

The foundation of all management in Configuration Manager is the client agent. Without a healthy client installed on a device, the server has no way to manage it. The 70-703 exam required a deep and practical understanding of the entire client lifecycle, from initial deployment to ongoing health monitoring. There are several methods available for deploying the client agent to your managed devices.

The most common method for deploying the client to existing computers is Client Push Installation. This is a server-initiated process where the site server connects to the target computer over the network, copies the client installation files to it, and then remotely executes the installation. This method requires the site server to have local administrative rights on the target computers and for the necessary firewall ports to be open.

Other popular deployment methods include using a Group Policy Object (GPO) in Active Directory to assign the client software, or including the client installation as a step in an operating system deployment task sequence for new computers. For workgroup computers or machines in an untrusted domain, a manual installation is also possible.

Once the client is installed, ensuring its ongoing health is a critical task. Configuration Manager includes a built-in feature called Client Health. This is a set of scheduled tasks and a dashboard that proactively monitors the health of the clients in your environment. If it detects a problem with a client, such as a corrupted file or a stopped service, it can attempt to automatically remediate it. The ability to deploy and maintain a healthy client population was a cornerstone of the 70-703 exam.

Configuring and Managing Client Settings

The behavior of the Configuration Manager client agent on your devices is not hard-coded; it is controlled by a flexible set of policies known as Client Settings. The 70-703 exam required a thorough understanding of how to configure and deploy these settings to tailor the client's behavior to meet your organization's specific needs. Client Settings are managed from the 'Administration' workspace in the Configuration Manager console.

There is a single, default set of client settings that applies to all clients in the hierarchy. However, the best practice is to create custom client setting policies and deploy them to specific collections of devices. This allows you to have different settings for different populations. For example, you might want your servers to have a different inventory schedule and different power management settings than your desktop computers.

The client settings are organized into several categories, each controlling a different aspect of the client's functionality. For example, the 'Hardware Inventory' settings control how often the client scans for and reports its hardware configuration. The 'Software Updates' settings control the user experience for patch installation. The 'Remote Tools' settings allow you to enable or disable remote control for a specific set of machines.

When multiple client setting policies are deployed to the same device, the system calculates a 'Resultant Client Setting' by merging the settings from all the applicable policies based on their priority. The ability to design and deploy these granular client setting policies to enforce corporate standards was a key administrative skill for the 70-703 exam.

Hardware and Software Inventory Collection

One of the most fundamental functions of Configuration Manager is its ability to collect detailed inventory information from all your managed devices. The 70-703 exam required a solid understanding of this process and how to use the collected data. The inventory data provides a rich repository of information that is the foundation for many other management tasks, from asset management to targeted software deployments.

Hardware Inventory collects a wealth of information about the physical and virtual hardware of a device. The client agent uses Windows Management Instrumentation (WMI) to scan the device and collect data on hundreds of different hardware classes, such as the processor, memory, disk drives, and network adapters. This information is sent back to the site server and stored in the SCCM database. An administrator can view the full hardware inventory for a specific device using a tool called Resource Explorer.

Software Inventory is used to collect information about the files and installed applications on a device. It can be configured to scan for specific file types (e.g., all .exe files) or to collect the information about all the applications that are listed in the 'Add/Remove Programs' (or 'Programs and Features') control panel. This is useful for software asset management and for identifying unauthorized software.

The real power of the inventory data is its use in creating collections. All the collected inventory data can be used as criteria in a query-based collection rule. For example, you could easily create a collection of all computers that have less than 8 GB of RAM or a collection of all devices that have a specific version of an application installed.

Creating Collections for Targeted Management

Collections are the fundamental organizing and targeting mechanism in Configuration Manager. The 70-703 exam placed a massive emphasis on the ability to create and manage collections, as virtually every administrative action, from deploying an application to applying a security policy, is targeted at a collection. A collection is simply a grouping of resources, which can be either users or devices.

There are two main types of collections, based on how their membership is defined. A 'Direct Rule' collection has a static, manually defined membership. An administrator explicitly adds specific users or devices to the collection. This is useful for creating small, specific groups for testing or for one-off deployments.

The real power, however, lies in 'Query Rule' collections. The membership of a query rule collection is dynamic and is defined by a query that is run against the SCCM database. The query is written in a language called WMI Query Language (WQL), which has a syntax that is very similar to SQL. The query rule can be based on any data that is in the database, such as hardware inventory, software inventory, or discovery data.

For example, you could create a query rule to automatically group all Windows 10 devices, all laptops, or all computers in a specific Active Directory OU. The membership of these collections is updated automatically on a schedule, so as new devices are added to the environment that meet the query criteria, they are automatically added to the collection. Mastering the art of writing WQL queries to create these dynamic collections was a key skill for the 70-703 exam.

The Application Model vs. Packages and Programs

A major architectural shift in Configuration Manager 2012, and a key topic for the 70-703 exam, was the introduction of the modern 'Application Model'. This was a new and more intelligent way to manage and deploy software, and it replaced the legacy 'Packages and Programs' model from older versions. An administrator upgrading their skills needed to fully understand the benefits and the mechanics of this new model.

The legacy Packages and Programs model was very simple. A package was just a container for the source files, and a program was a simple command line to be executed on the client. It was essentially "fire and forget." The server told the client to run a command, but it had no real intelligence about whether the software was actually needed or if it installed successfully.

The new Application Model is much more sophisticated and state-based. An 'Application' is a high-level object that represents the software itself. Within the application, you define one or more 'Deployment Types'. A deployment type represents a specific method of installing the software, for example, using a Windows Installer (MSI) file for a physical PC and a different package for a virtual application.

The key innovation of the Application Model is the use of 'Requirement Rules' and 'Detection Methods'. A requirement rule specifies the conditions under which a deployment type can be installed (e.g., 'only on 64-bit Windows 10'). A detection method is a rule that the client uses to determine if the application is already installed. This intelligence allows the system to be much more efficient and reliable.

Creating and Deploying an Application

The practical, hands-on ability to create and deploy an application using the new Application Model was a critical skill for the 70-703 exam. The entire process is managed through a wizard-based interface in the 'Software Library' workspace of the Configuration Manager console. The process begins by creating a new application.

The wizard is intelligent and can often automatically extract the necessary information directly from the installer files. For example, if you point the wizard to a Windows Installer (MSI) file, it will automatically parse the file to determine the application name, the installation command line, and, most importantly, the MSI product code that will be used for the detection method.

After the application and its initial deployment type are created, you can further refine its properties. This is where you would add any requirement rules. For example, you could add a requirement that the device must have a certain amount of free disk space before the installation will proceed. You can also create dependencies, which ensure that another required application is installed first.

Once the application is fully defined, the final step is to deploy it to a collection. When you create a deployment, you specify the target collection and whether the deployment is 'Available' or 'Required'. An 'Available' deployment will appear in the user's Software Center, and they can choose to install it on-demand. A 'Required' deployment will be automatically installed by the client at a specified deadline. This entire workflow was a core competency for the 70-703 exam.

Managing the Software Center Experience for Users

The primary interface for end-users to interact with Configuration Manager is the Software Center. The 70-703 exam required an administrator to understand how to manage and customize this user-facing portal. The Software Center is a client-side application that is installed as part of the SCCM client. It provides a simple, "app store"-like experience for corporate users.

From the Software Center, a user can see a list of all the applications that have been made 'Available' to them or their device. They can browse this catalog, view the details of each application, and then click an 'Install' button to install the software on-demand. This self-service model empowers users and significantly reduces the number of helpdesk tickets for routine software installation requests.

The Software Center is also the interface for managing 'Required' deployments. A user can see which applications and updates are scheduled to be installed on their machine and when the deadline is. They can often choose to proactively install a required application before the deadline, giving them more control over the process. The Software Center also provides visibility into the installation status and history.

An administrator has a significant amount of control over the look and feel and the functionality of the Software Center. This is configured through the 'Client Settings'. You can customize the branding with your company's name and logo, and you can control which tabs and features are visible to the user. A well-managed Software Center experience is key to user adoption and satisfaction, making this an important topic for the 70-703 exam.

Monitoring Application Deployments

After an application has been deployed, the administrator's job shifts to monitoring the progress and success of that deployment. The 70-703 exam required a deep familiarity with the monitoring tools available in the Configuration Manager console. The console provides a rich, real-time view of the status of every deployment, allowing you to quickly identify any issues and to track the overall compliance of your environment.

The primary tool for this is the 'Monitoring' workspace. From here, you can navigate to the 'Deployments' node to see a list of all your active deployments. The summary view provides a high-level, graphical overview of the deployment's status, showing a pie chart with the number of clients in different states, such as 'Success', 'In Progress', 'Error', or 'Requirements Not Met'.

This allows you to see at a glance how the rollout of a new application is progressing. You can then drill down into each of these categories to see a list of the specific devices in that state. For clients that are in an error state, the console will often show a specific error code or message that can help you to diagnose the root cause of the installation failure.

In addition to the real-time monitoring view, Configuration Manager also includes a large library of standard SQL Server Reporting Services reports for application management. These reports can provide more detailed and historical trend analysis of your application deployments. The ability to use both the real-time monitoring console and the historical reports to track and troubleshoot application deployments was a core operational skill for the 70-703 exam.

The Software Update Management (SUM) Process

Keeping servers and workstations patched against security vulnerabilities is one of the most critical functions of an endpoint management system. The 70-703 exam dedicated a significant portion of its curriculum to the Software Update Management (SUM) capabilities of Configuration Manager. The platform provides a comprehensive and highly automated framework for managing the entire monthly patch lifecycle, from synchronization and assessment to deployment and reporting.

The SUM process in Configuration Manager is built on top of the standard Microsoft Windows Server Update Services (WSUS) platform. SCCM integrates with and extends the capabilities of WSUS to provide a much more powerful and granular deployment and reporting engine. The overall workflow begins with the synchronization of the software update catalog from Microsoft Update to your local WSUS/SCCM server.

After the catalog of available updates is synchronized, the SCCM clients will perform a scan to assess which of these updates are required. This compliance data is then reported back to the site server. The administrator can then use this data to identify the necessary patches, group them together, and create a deployment to push them out to the clients.

The deployment process itself is highly controlled, with features like Maintenance Windows to ensure that patches are only installed and servers are only rebooted during pre-approved time slots. A deep and practical understanding of this end-to-end patch management workflow was a non-negotiable requirement for anyone taking the 70-703 exam.

Configuring the Software Update Point (SUP)

The foundation of the Software Update Management process in Configuration Manager is the Software Update Point (SUP) site system role. The 70-703 exam required a detailed understanding of how to install, configure, and manage this critical role. The SUP is the component that integrates SCCM with your Windows Server Update Services (WSUS) server. It is responsible for orchestrating the synchronization of the update catalog and for instructing clients on which server to scan against.

The installation of the SUP role is done from the SCCM console. The wizard requires you to have a functioning WSUS server already installed. During the setup, you configure the connection to the WSUS server and, most importantly, the synchronization settings. You specify whether your SUP should synchronize its updates directly from Microsoft Update on the internet or from an upstream WSUS server.

A critical part of the SUP configuration is defining the 'Products' and 'Classifications' that you want to synchronize. The 'Products' list allows you to select the specific Microsoft products you manage in your environment, such as Windows 10, Windows Server 2012, or Office 365. The 'Classifications' list allows you to choose the types of updates you want to download, such as 'Critical Updates', 'Security Updates', or 'Update Rollups'.

Being selective in this configuration is a key best practice. Synchronizing every single product and classification can lead to a massively bloated WSUS database and slow performance. You should only synchronize the updates that are relevant to your environment. The ability to correctly configure these SUP settings was a fundamental skill for the 70-703 exam.

Creating Software Update Groups and Deployment Packages

After the SUP has synchronized the catalog of available updates, the administrator's next task is to identify the updates that need to be deployed and to package them for distribution. The 70-703 exam required proficiency in this core monthly workflow. The process begins in the 'All Software Updates' node of the console, which can contain thousands of individual updates.

An administrator will typically filter this view to find the updates they need. A common workflow for "Patch Tuesday" is to filter for all 'Security Updates' that are 'Required' by one or more clients and were released in the last month. This gives you a targeted list of the security patches that need to be deployed.

The next step is to group these updates together into a 'Software Update Group' (SUG). A SUG is simply a collection of updates that you want to manage and deploy as a single entity. You would select all the required security updates for the month and create a new SUG, for example, "September 2025 Security Updates."

Finally, you must download the actual update files (the binaries) from Microsoft and store them on your Distribution Points. This is done by selecting the SUG and running a wizard to create a 'Deployment Package'. The deployment package is the content that will be distributed to your DPs. This structured workflow of finding updates, creating a SUG, and downloading them into a deployment package was a key process to master for the 70-703 exam.

Deploying Software Updates and Managing Maintenance Windows

Once you have created a Software Update Group and downloaded its content into a deployment package, the final step is to deploy it to a collection of clients. The 70-703 exam required a deep understanding of the deployment wizard and its various options, particularly the settings that control the user experience and the installation schedule. The deployment process is what makes the updates available to clients and enforces their installation.

The deployment wizard has several key pages. You first select the target collection for the deployment. You then specify whether the deployment is 'Available' or 'Required'. For software updates, the deployment will almost always be 'Required'. The most critical page is the 'Scheduling' page. This is where you define the deadline for the installation. Any client that has not installed the required updates by this deadline will have them automatically installed.

A critical concept for managing server patching, and a key topic for the 70-703 exam, is the 'Maintenance Window'. A maintenance window is a specific period of time that you can define for a collection, during which SCCM is allowed to perform disruptive actions, such as installing software or rebooting the server.

If a server is a member of a collection that has a maintenance window defined, the SCCM client will only install the required updates and perform the necessary reboots during that window, even if the deployment deadline has passed. This is an essential control mechanism to prevent patches from being automatically installed and rebooting a critical production server in the middle of the business day.

Introduction to Compliance Settings (Desired Configuration Management)

Beyond patching, another key aspect of security and operational hygiene is ensuring that your servers and workstations are configured correctly and consistently. The 70-703 exam required a solid understanding of the 'Compliance Settings' feature in Configuration Manager, which was formerly known as Desired Configuration Management (DCM). This feature provides a powerful framework for defining a desired configuration state and then assessing your clients for compliance against it.

Compliance Settings allow you to automate the process of checking for "configuration drift." Over time, the configurations of servers can drift away from the standard, hardened build due to manual changes or other factors. This can introduce security vulnerabilities or operational instability. The Compliance Settings feature allows you to define a baseline of what the correct configuration should be and then to automatically detect any devices that deviate from that baseline.

The process involves creating 'Configuration Items' (CIs) and 'Configuration Baselines'. A CI is a specific setting that you want to check, such as the value of a registry key, the version of a specific file, or whether a particular Windows feature is enabled. A Configuration Baseline is a collection of one or more CIs that are grouped together to represent a complete desired state for a system.

You then deploy this baseline to a collection of devices. The SCCM clients will evaluate the settings in the baseline and will report back their compliance status. This allows an administrator to quickly identify all the machines that are non-compliant and may even automatically remediate the incorrect settings if configured to do so. This powerful feature was a key topic for the 70-703 exam.

Creating Configuration Items (CIs) and Baselines

The practical ability to create Configuration Items and Baselines was a core skill for the 70-703 exam. This is where the power of the Compliance Settings feature is realized. The process is managed through the 'Compliance Settings' node in the 'Assets and Compliance' workspace of the SCCM console. It all starts with the creation of one or more Configuration Items (CIs).

When you create a new CI, a wizard guides you through the process. You first specify the type of setting you want to evaluate. The CI can check for a wide range of object types, including registry keys, files and folders, SQL queries, and WMI queries. For each setting, you define the criteria for compliance. For example, for a registry key, you could specify that the value must be equal to a certain number for the device to be considered compliant.

A powerful feature of CIs is the ability to not only detect non-compliant settings but also to automatically remediate them. For many setting types, you can specify a 'remediation' action. For example, if the CI detects that a required registry key is missing, you can configure it to automatically create that key with the correct value.

Once you have created your CIs, the next step is to group them into a Configuration Baseline. A baseline is the unit of deployment. You would create a new baseline, for example, "Standard Web Server Security Baseline," and then add all the relevant CIs to it. This baseline now represents the complete, desired configuration for your web servers, and it is ready to be deployed to the appropriate collection.

Conclusion

In addition to patch management and configuration compliance, a third critical pillar of endpoint security is protection against malware. The 70-703 exam required administrators to be proficient in using Configuration Manager to manage the built-in Microsoft anti-malware solution. At the time of the exam, this was known as System Center Endpoint Protection (SCEP), but the technology has since evolved into the modern Microsoft Defender Antivirus.

Configuration Manager provides a single, integrated console for managing all aspects of the Endpoint Protection client. This includes deploying the client agent itself, configuring the anti-malware policies that are applied to the clients, managing the process for distributing the daily malware definition updates, and monitoring the overall health and status of the protected endpoints.

The core of the management is the 'Antimalware Policy'. An administrator can create multiple policies and deploy them to different collections. Within the policy, you can configure all the settings for the anti-malware client, such as the real-time protection settings, the scheduled scan settings, and the default actions to take when malware is detected (e.g., quarantine or remove).

Configuration Manager also takes over the management of the malware definition updates. The Software Update Point (SUP) can be configured to synchronize the Endpoint Protection definitions. You can then use Automatic Deployment Rules (ADRs) to automatically download these new definitions every day and to distribute them to your clients, ensuring that your endpoints are always protected against the latest threats. This integrated management capability was a key topic for the 70-703 exam.

Go to testing centre with ease on our mind when you use Microsoft 70-703 vce exam dumps, practice test questions and answers. Microsoft 70-703 Administering Microsoft System Center Configuration Manager and Cloud Services Integration certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Microsoft 70-703 exam dumps & practice test questions and answers vce from ExamCollection.