We are in the process of merging Microsoft Learning with Microsoft Learn, which will be complete by June 30, 2020. You’ll find all relevant training and certification information is now available on Microsoft Learn. For more information, refer to the FAQ.
In response to the coronavirus (COVID-19) situation, Microsoft is implementing several temporary changes to our training and certification program. Learn more.



  • Published:
    November 24, 2015
  • Languages:
  • Audiences:
    IT professionals
  • Technology:
    Enterprise Mobility Suite (EMS)
  • Credit toward certification:

Planning for and Managing Devices in the Enterprise

This exam has been retired

For currently available options, please see the Microsoft Certification exam list.

Skills measured

This exam measures your ability to accomplish the technical tasks listed below. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

As of February 2017, this exam was updated. To learn more about these changes and how they affect the skills measured, please download and review the exam 70-398 change document.

Design for cloud/hybrid identity (15–20%)
  • Plan for Azure Active Directory (AD) identities
    • Design Azure AD identities; Active Directory integration; Azure Multi-Factor Authentication; user self-service from the Azure Access Panel; Azure AD reporting; company branding; design Azure AD Premium features, such as Cloud App discovery, group-based application access, self-service group management, advanced security reporting, and password reset with write-back
  • Design for Active Directory synchronization with Azure AD Connect
    • Design single sign-on, Active Directory Integration scenarios, and Active Directory synchronization tools; plan for Azure AD Synchronization Services; design for Connect Health
Design for device access and protection (15–20%)
  • Plan for device enrollment
    • Design device inventory, mobile device management authority, device management prerequisites, and device enrollment profiles
  • Plan for the Company Portal
    • Customize the Company Portal and company terms and conditions; design configuration policies, compliance policies, conditional access policies, Exchange ActiveSync policies, and policy conflicts
  • Plan protection for data on devices
    • Design for protection of data in email and SharePoint when accessing them from mobile devices, design for protection of data of applications by using encryption, design for full and selective wipes
Design for data access and protection (15–20%)
  • Plan shared resources
    • Design for file and disk encryption and BitLocker encryption; design for the Network Unlock feature; configure BitLocker policies; design for the Encrypting File System (EFS) recovery agent; manage EFS and BitLocker certificates, including backup and restore
  • Plan advanced audit policies
    • Design for auditing using Group Policy and AuditPol.exe, create expression-based audit policies, design for removable device audit policies
  • Plan for file and folder access
    • Design for Windows Server Dynamic Access Control, Web Application Proxy, and Azure Rights Management service (RMS)
Design for remote access (15–20%)
  • Plan for remote connectivity
    • Design remote authentication, configure Remote Desktop settings, design VPN connections and authentication, enable VPN reconnect, configure broadband tethering
  • Plan for mobility options
    • Design for offline file policies, power policies, Windows to Go, sync options, and Wi-Fi direct
Plan for apps (10–15%)
  • Manage RemoteApp
    • Design RemoteApp and Desktop Connections settings, configure Group Policy Objects (GPOs) for signed packages, support iOS and Android
  • Plan app support and compatibility
    • Design for desktop app compatibility using Application Compatibility Toolkit (ACT) including shims and compatibility database, design desktop application co-existence using Hyper-V and App-V, install and configure User Experience Virtualization (UE-V), plan for desktop apps using Microsoft Intune
Plan updates and recovery (15–20%)
  • Plan for system recovery
    • Design for the recovery drive, system restore, refresh or recycle, driver rollback, and restore points
  • Plan file recovery
    • Design for previous versions of files and folders, design File History, recover files from OneDrive
  • Plan device updates
    • Design update settings and Windows Update policies, manage update history, roll back updates, design for Windows Store apps updates

Preparation options

Practice test

Take a Microsoft Official Practice Test for Exam 398


Exam Ref 70-398 Planning for and Managing Devices in the Enterprise
Published: March 15, 2016

Prepare for Microsoft Exam 70-398, and help demonstrate your real-world mastery of planning and designing cloud and hybrid identities and of supporting identity infrastructure for managing devices. Plus, focus on the skills measured in the exam. Designed for experienced IT pros ready to advance their status, this Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the Microsoft Specialist level.

Buy this book at the Microsoft Press Store

Who should take this exam?

This exam validates candidates’ knowledge of and skills in planning and designing cloud and hybrid identities and supporting identity infrastructure for managing devices. Candidates must be able to plan and design policies to protect content using Data Loss Protection (DLP) and for managing and securing mobile devices. They must also be able to plan for and design a platform that provides applications to devices using virtualization with Hyper-V and to perform application management using the Company Portal or Windows Store. Candidates should be able to demonstrate their skills around device designing and implementing device management, security, and integrated Azure features. Candidates who take this exam should already have experience with desktop/devices administration, Windows networking technologies, Active Directory, and Intune. Candidates can take this exam and meet the prerequisites by obtaining equivalent knowledge and skills through practical experience as a Device Support Technician or a Device System Administrator.

More information about exams

Preparing for an exam

We recommend that you review this exam preparation guide in its entirety and familiarize yourself with the resources on this website before you schedule your exam. See the Microsoft Certification exam overview for information about registration, videos of typical exam question formats, and other preparation resources. For information on exam policies and scoring, see the Microsoft Certification exam policies and FAQs.


This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format. To help you prepare for this exam, Microsoft recommends that you have hands-on experience with the product and that you use the specified training resources. These training resources do not necessarily cover all topics listed in the "Skills measured" section.