Duration:
4 Days
Audience:
Employees of federal, state and local governments; and businesses working with the government. The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.
Course Description:
In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.
Course Outline
1. Explore the Enterprise Desktop
- Examine benefits of modern management
- Examine the enterprise desktop life-cycle model
- Examine planning and purchasing
- Examine desktop deployment
- Plan an application deployment
- Plan for upgrades and retirement
2. Explore Windows Editions
- Examine Windows client editions and capabilities
- Select client edition
- Examine hardware requirements
3. Manage Azure Active Directory identities
- Examine RBAC and user roles in Azure AD
- Create and manage users in Azure AD
- Create and manage groups in Azure AD
- Manage Azure AD objects with PowerShell
- Synchronize objects from AD DS to Azure AD
4. Manage device authentication
- Describe Azure AD join
- Examine Azure AD join prerequisites limitations and benefits
- Join devices to Azure AD
- Manage devices joined to Azure AD
5. Enroll devices using Microsoft Configuration Manager
- Deploy the Microsoft Configuration Manager client
- Monitor the Microsoft Configuration Manager client
- Manage the Microsoft Configuration Manager client
6. Enroll devices using Microsoft Intune
- Manage mobile devices with Intune
- Enable mobile device management
- Explain considerations for device enrollment
- Manage corporate enrollment policy
- Enroll Windows devices in Intune
- Enroll Android devices in Intune
- Enroll iOS devices in Intune
- Explore device enrollment manager
- Monitor device enrollment
- Manage devices remotely
7. Execute device profiles
- Explore Intune device profiles
- Create device profiles
- Create a custom device profile
8. Oversee device profiles
- Monitor device profiles in Intune
- Manage device sync in Intune
- Manage devices in Intune using scripts
9. Maintain user profiles
- Examine user profile
- Explore user profile types
- Examine options for minimizing user profile size
- Deploy and configure folder redirection
- Sync user state with Enterprise State Roaming
- Configure Enterprise State Roaming in Azure
10. Execute mobile application management
- Examine mobile application management
- Examine considerations for mobile application management
- Prepare line-of-business apps for app protection policies
- Implement mobile application management policies in Intune
- Manage mobile application management policies in Intune
11. Deploy and update applications
- Deploy applications with Intune
- Add apps to Intune
- Manage Win32 apps with Intune
- Deploy applications with Configuration Manager
- Deploying applications with Group Policy
- Assign and publish software
- Explore Microsoft Store for Business
- Implement Microsoft Store Apps
- Update Microsoft Store Apps with Intune
- Assign apps to company employees
12. Administer endpoint applications
- Manage apps with Intune
- Manage Apps on non-enrolled devices
- Deploy Microsoft 365 Apps with Intune
- Additional Microsoft 365 Apps Deployment Tools
- Configure Microsoft Edge Internet Explorer mode
- App Inventory Review
13. Protect identities in Azure Active Directory
- Explore Windows Hello for Business
- Deploy Windows Hello
- Manage Windows Hello for Business
- Explore Azure AD identity protection
- Manage self-service password reset in Azure AD
- Implement multi-factor authentication
14. Enable organizational access
- Enable access to organization resources
- Explore VPN types and configuration
- Explore Always On VPN
- Deploy Always On VPN
15. Implement device compliance
- Protect access to resources using Intune
- Explore device compliance policy
- Deploy a device compliance policy
- Explore conditional access
- Create conditional access policies
16. Generate inventory and compliance reports
- Report enrolled devices inventory in Intune
- Monitor and report device compliance
- Build custom Intune inventory reports
- Access Intune using Microsoft Graph API
17. Deploy device data protection
- Explore Windows Information Protection
- Plan Windows Information Protection
- Implement and use Windows Information Protection
- Explore Encrypting File System in Windows client
- Explore BitLocker
18. Manage Microsoft Defender for Endpoint
- Explore Microsoft Defender for Endpoint
- Examine key capabilities of Microsoft Defender for Endpoint
- Explore Windows Defender Application Control and Device Guard
- Explore Microsoft Defender Application Guard
- Examine Windows Defender Exploit Guard
- Explore Windows Defender System Guard
19. Manage Microsoft Defender in Windows client
- Explore Windows Security Center
- Explore Windows Defender Credential Guard
- Manage Microsoft Defender Antivirus
- Manage Windows Defender Firewall
- Explore Windows Defender Firewall with Advanced Security
20. Manage Microsoft Defender for Cloud Apps
- Explore Microsoft Defender for Cloud Apps
- Planning Microsoft Defender for Cloud Apps
- Implement Microsoft Defender for Cloud Apps
21. Assess deployment readiness
- Examine deployment guidelines
- Explore readiness tools
- Assess application compatibility
- Explore tools for application compatibility mitigation
- Prepare network and directory for deployment
- Plan a pilot
22. Deploy using the Microsoft Deployment Toolkit
- Evaluate traditional deployment methods
- Set up the Microsoft Deployment Toolkit for client deployment
- Manage and deploy images using the Microsoft Deployment Toolkit
23. Deploy using Microsoft Configuration Manager
- Explore client deployment using Configuration Manager
- Examine deployment components of Configuration Manager
- Manage client deployment using Configuration Manager
- Plan in-place upgrades using Configuration Manager
24. Deploy Devices using Windows Autopilot
- Use Autopilot for modern deployment
- Examine requirements for Windows Autopilot
- Prepare device IDs for Autopilot
- Implement device registration and out-of-the-box customization
- Examine Autopilot scenarios
- Troubleshoot Windows Autopilot
25. Implement dynamic deployment methods
- Examine subscription activation
- Deploy using provisioning packages
- Use Windows Configuration Designer
- Use Azure AD join with automatic MDM enrollment
26. Plan a transition to modern endpoint management
- Explore using co-management to transition to modern endpoint management
- Examine prerequisites for co-management
- Evaluate modern management considerations
- Evaluate upgrades and migrations in modern transitioning
- Migrate data when modern transitioning
- Migrate workloads when modern transitioning
27. Manage Windows 365
- Explore Windows 365
- Configure Windows 365
- Administer Windows 365
28. Manage Azure Virtual Desktop
- Examine Azure Virtual Desktop
- Explore Azure Virtual Desktop
- Configure Azure Virtual Desktop
- Administer Azure Virtual Desktop