This 5-day course is intended to provide you with the knowledge and skills to manage your organization’s Windows 11 devices in both on-premises and cloud-based scenarios.
By completing this course, you’ll be able to:
• Deploy and upgrade Windows operating systems
• Manage and synchronize user state across Windows devices
• Implement and troubleshoot networking, including managing remote access
• Manage device compliance and security features on Windows 11
• Implement conditional access, Windows Hello, and MFA
• Deploy and manage apps
• Configure devices using both Group Policy and Microsoft Intune
• Monitor and optimize Windows
• Troubleshoot and recover Windows 11
This course is aimed at support personnel working in organizations that have a continued Active Directory on-premises environment, but are also moving resources and devices to Microsoft 365.
Before attending this course, you must:
• Have configured Windows client operating systems, such as Windows 7 or newer
• Have some working experience with Windows Server on-premises environments
• Be familiar with cloud fundamentals and Microsoft 365 workloads in particular
• Be able to configure basic network settings on Windows client devices
• Understand basic security principles, such as authentication, authorization, exploit protection, and defense in depth
Module 1 – Introducing Windows 11
In this module, students learn about the system architecture of Windows 11. They’ll also learn how to manage processes, and perform remote management using Quick Assist, PowerShell Remoting, and Windows Admin Center.
Lesson outline:
L1: What’s new in Windows 11?
• What’s new in Windows 11 24H2?
• What can we expect in Windows 12?
• New features for IT administrators
L2: Windows 11 system architecture
• Application subsystems
• The executive
• The kernel, process management, and storage
• Devices and drivers
Lab A: Exploring processes
• Exercise 1: Installing Sysinternals Suite
• Exercise 2: Using the tools in the Sysinternals Suite
L3: Remote management options
• Remote Desktop
• Quick Assist
• Windows PowerShell
• Windows Admin Center
• TeamViewer
• Intune Remote Help
L4: Implement remote management using PowerShell
• What is PowerShell?
• Using PowerShell commands
• Enabling PowerShell remoting
• Demo: Managing devices with PowerShell Remoting
L5: Implement remote management using Windows Admin Center
• WAC requirements
• Installing Windows Admin Center
• Demo: Using Windows Admin Center
Lab B: Managing Windows devices remotely
• Exercise 1: Enable remote management
• Exercise 2: Manage a remote device using Quick Assist
• Exercise 3: Implement PowerShell Remoting
• Exercise 4: Implement Windows Admin Center
After completing this module, students can:
• Describe what’s new in Windows 11
• Understand the Windows 11 system architecture
• Explore system processes
• Select a remote management option
• Implement remote management using PowerShell
• Implement remote management using Windows Admin Center
Module 2 – Provisioning Windows 11
In this module, students learn how to deploy and provision Windows 11 by using both on-premises tools, such as imaging with MDT, and modern tools, such as Autopilot and Windows Configuration Designer.
Lesson outline:
L1: Overview of provisioning options
• Imaging
• Provisioning
• Subscription Activation
• Windows Autopilot
L2: Deployment using MDT
• Overview of MDT
• Description of task sequences
• Demonstration: Deploying Windows 11 using MDT
L3: Provision by using Windows Configuration Designer
• Overview of Windows ADK
• Creating Windows Configuration Designer provisioning packages
• Deploying provisioning packages during OOBE
• Demonstration: Creating and using provisioning packages
L4: Provision by using Intune
• Overview of Windows AutoPilot
• AutoPilot requirements
• Demonstration: Configuring for AutoPilot
L5: Licensing and activation
• What is activation?
• Activation methods
Lab: Provisioning and updating Windows 11
• Exercise 1: Using MDT to deploy Windows 11
• Exercise 2: Creating a provisioning package
• Exercise 3: Deploying a provisioning package
• Exercise 4: Provisioning Windows 11 with Autopilot
After completing this module, students can:
• Deploy Windows 11 with on-premises tools
• Provision Windows 11 using modern tools
• Update Windows 11 with Intune
Module 3 – Upgrading to Windows 11
In this module, students learn upgrade and migrate to Windows 11.
Lesson outline:
L1: Assess hardware and software compatibility
• Minimum and recommended hardware
• Devices and device drivers
• Application compatibility
L2: Perform in-place upgrade or wipe-and-load migration?
• Choosing an in-place upgrade
• When to use a wipe and load migration
L3: Use MDT to upgrade
• Create the appropriate task sequence
L4: Use Intune to upgrade
• Endpoint analytics Windows 11 readiness
• Windows Update rings
L5: Migrate user state
• Overview of user state
• Using USMT
• Using OneDrive Known Folder Move
Lab: Upgrading to Windows 11
• Exercise 1: Assess upgrade readiness
• Exercise 2: Perform an in-place upgrade with MDT
• Exercise 3: Perform an in-place upgrade with Intune
After completing this module, students can:
• Assess hardware and software compatibility
• Perform in-place upgrades or wipe-and-load migrations
• Use MDT to upgrade
• Use Intune to upgrade
• Migrate user state
In this module, students learn to implement networking in Windows 11, and to troubleshoot network settings.
Lesson outline:
L1: Configure networking
• IPv4 addressing
• IPv6 addressing
• Implementing an IPv4 network
• Implementing an IPv6 network
L2: Implement name resolution
• Name resolution methods
• How DNS works
• Reviewing DNS zones
• Configuring client DNS settings
L3: Implement remote access
• Available remote access options
• Implement RADIUS with NPS
• Deploy VPN settings with WCD and Intune
L4: Troubleshoot networks
• Troubleshoot network connections
• Troubleshoot name resolution
• Troubleshoot VPNs
Lab: Configuring and troubleshooting networking
• Implementing and troubleshoot a network connectivity issue
• Implementing and troubleshoot name resolution
• Implementing and troubleshoot remote access
After completing this module, students can:
• Configure networking
• Implement name resolution
• Implement remote access
• Troubleshoot networks.
Module 5 – Managing identity and access
Lesson outline:
L1: Overview of identity providers
• Active Directory
• Entra ID
• Entra Domain Services
• Synchronizing identities to the cloud
L2: Implement Entra ID registration
• Device register
• Device join
• Device hybrid join
• Device enrollment
• Device settings
L3: Implement identity protection
• Credential Guard
• Manage the membership of local groups on Windows devices by using Intune
• Implement and manage LAPS for Microsoft Entra ID
• Self-service password reset in Entra ID
• Overview of Windows Hello
• Overview of MFA
• Implementing Windows Hello in Intune
• Implementing MFA in Entra ID
Lab: Managing identity and access
• Exercise 1: Configuring Entra device settings
• Exercise 2: Performing device join with Entra
• Exercise 3: Enrolling devices in Intune
• Exercise 4: Implementing LAPS, Windows Hello, SSPR, and MFA
After completing this module, students can:
• Describe the features of various identity providers
• Implement Entra ID registration
• Implement identity protection features in Windows 11 using Intune and Entra ID
In this module, students learn how to implement and troubleshoot Group Policy in an on-premises environment before migrating the settings to Intune. Students also learn how to manage updates in Intune.
Lesson outline:
L1: Implement and troubleshoot Group Policy
• Overview of Group Policy
• Group Policy processing
• Changing default GPO processing behavior
• GPO filtering
• Tools for managing GPOs
• How GPOs apply
• Reasons for GPO failures
• Troubleshooting the application of GPOs
Lab A: Implementing and troubleshooting GPOs
• Exercise 1: Implementing GPOs per a requirement
• Exercise 2: Testing the application of GPOs
• Exercise 3: Troubleshooting the application of GPOs
L2: Migrate GPOs to Intune
• Implement administrative templates in Intune
• Import new ADMX files
• Review how your on-premises GPOs can be imported to Intune
L3: Configuring devices using Intune
• Use device configuration policies
• Resolve conflicts between policies
L4: Manage Windows 11 updates
• Overview of the update service model in Windows
• Selecting a servicing channel
• Local update settings
• Managing updates via GPO
• Managing updates via Intune
• Hot-patching
Lab B: Configuring devices with Intune
• Exercise 1: Migrate GPOs to Intune
• Exercise 2: Create and assign device configuration policies
• Exercise 3: Manage configuration profile conflicts
• Exercise 4: Deploy updates with Intune
After completing this module, students can:
• Implement and troubleshoot Group Policy
• Migrate GPOs to Intune
• Configure devices using Intune
• Manage Windows 11 updates
In this module, students learn how to implement and troubleshoot Group Policy in an on-premises environment before migrating the settings to Intune. Students also learn how to manage updates in Intune.
Lesson outline:
L1: Deploy Microsoft Store apps
• Use Intune to deploy Store apps
• Restrict access to the Store
• Manage app updates
L2: Deploy Win32 apps
• Local deployment options
• Microsoft 365 apps for Enterprise deployment
• Enterprise app catalog
L3: Troubleshoot apps
• Why apps don’t work
• Mitigations for problematic apps
L4: Configure Windows Defender Application Control
• What is AppLocker?
• What is Application Control?
• Implementing Application Control
Lab: Managing apps
• Exercise 1: Deploy Store apps
• Exercise 2: Deploy Microsoft 365 apps
• Exercise 3: Reconfigure AppLocker
• Exercise 4: Manage Kiosk mode
After completing this module, students can:
• Deploy Microsoft Store apps
• Deploy Win32 apps
• Troubleshoot apps
• Configure Windows Defender Application Control
In this module, students learn how to make file resources available, and how to secure and troubleshoot that access.
Lesson outline:
L1: Implement storage in Windows 11
• Local storage
• Removal storage
• Storage spaces
• Cloud storage (OneDrive and Azure Storage)
• File systems
L2: Manage and share files
• Configure and manage file access
• File and folder permissions
• Effective access
• Share files
• Manage share permissions
• Combine NTFS and share permissions
• Implement claims-based access
Lab: Managing file access
• Exercise 1: Creating a storage space
• Exercise 2: Securing folders with NTFS permissions
• Exercise 3: Sharing folders
• Exercise 4: Implementing claims-based access to files
• Exercise 5: Troubleshooting file access
After completing this module, students can:
• Implement storage in Windows 11
• Manage and share files
In this module, students learn about the security features in Windows 11, and how to implement them. They also learn to implement compliance in Intune. Finally, students learn to create and manage conditional access policies in Entra ID to address specific use cases, such as app restrictions.
Lesson outline:
L1: Overview of security features in Windows 11
• Overview of Security Center
• Microsoft Defender features, including Credential Guard etc.
L2: Implement BitLocker using Intune
• What is BitLocker?
• Drive unlock options
• BitLocker recovery
• Managing BitLocker in Entra ID and Intune
L3: Implement device compliance
• What is device compliance
• Default Intune compliance policy
• Create and assign compliance policies
• Review device compliance state
L4: Implement Conditional Access
• Overview of Entra ID Conditional Access policies
• Reviewing Conditional Access templates
• Implementing Conditional Access for apps
• Implementing device compliance with Conditional Access
Lab: Implementing security features
• Exercise 1: Implementing BitLocker
• Exercise 2: Implementing device compliance
• Exercise 3: Implementing Conditional Access
After completing this module, students can:
• Describe the security features in Windows 11
• Implement BitLocker using Intune
• Implement device compliance
• Implement Conditional Access
In this module, students learn implement and manage threat protection. They also learn how to implement policies based on Intune security baselines.
Lesson outline:
L1: Configure Microsoft Defender for Endpoint
• Overview of Microsoft Defender for Endpoint
• Implement Microsoft Defender for Endpoint
L2: Implement Intune security baselines
• Review Intune security baselines
• Update a security policy’s baseline
L3: Monitor and respond to security incidents
• Review security incidents
• Mitigate security incidents
Lab: Implementing threat protection and response
• Exercise 1: Implementing Microsoft Defender for Endpoint
• Exercise 2: Implementing Intune security baselines
After completing this module, students can:
• Configure Microsoft Defender for Endpoint
• Implement Intune security baselines
• Monitor and respond to security incidents.
In this module, students learn how to manage events and review event reports. They’ll also learn how to review computer performance.
Lesson outline:
L1: Manage events
• Describe how to review events
• Create an event subscription
• Review Intune device reports
L2: Optimize endpoint performance
• Understand key workstation resources
• Describe available performance monitoring tools
• Create and analyze data collector sets
• Review performance data in Intune
Lab: Monitoring and optimizing Windows
• Exercise 1: Managing events
• Exercise 2: Optimizing performance
After completing this module, students can:
• Manage events
• Optimize endpoint performance
Module 12 – Recovering Windows 11
In this module, students learn how troubleshoot system crashes and startup failures. They’ll also learn about file recover options, including OneDrive recycle bin and Windows 11 File History. Students will also learn about the registry and how to manage device drivers. .
Lesson outline:
L1: Implement data protection and recovery
• Review file recovery options, including OneDrive Recycle Bin and Windows Recycle bin.
• Implement File History to manage file versions and recovery.
L2: Analyze system crashes
• Review system crash debug information.
• Review startup logs.
L3: Use Windows recovery tools
• Windows startup architecture
• Managing the startup environment
• Describe the available recovery tools
• Access Windows RE
• Troubleshooting startup
• Describe System Restore
• Perform a System Restore
L4: Manage device and device drivers
• Describe procedures for troubleshooting hardware
• Managing device driver installation options
• Troubleshooting device drivers
L5: Review the Registry
• What is the Registry?
• Working with the Registry
Lab: Recovering Windows 11
• Exercise 1: Implementing File History
• Exercise 2: Reviewing startup logs and performing crash analysis
• Exercise 3: Performing a System Restore
• Exercise 4: Using recovery tools
• Exercise 5: Managing devices and device drivers
After completing this module, students can:
• Implement data protection and recovery
• Analyze system crashes
• Use Windows recovery tools
• Manage device and device drivers
• Review the Registry