MD-102 - Microsoft 365 Endpoint Administrator

Duration

5 Days

Level

200 - Intermediate

Vendor

Microsoft, Windows Client, Windows 10 / 11 / Intune

Legacy MOC Code

MD-100/101 & MD-102

What is
Aligned Courseware?

Based on customer feedback and demand from Training Service Providers (Learning Partners) and Microsoft Certified Trainers (MCTs) in regards to the content on Microsoft Learn not meeting the demands of students in the classroom, Specialist Courseware made the commitment to author courseware that aligned directly to the Microsoft Official Courses.

The content is aligned almost identically with official courses, with some exceptions.  Where we find deficiencies in the official courses based on the exam requirements, we may add or enhance content.  Where PPT slides lack detail, these have been amended to create a rich and more engaging experience for the students.

Not only this, we have a continued commitment to keep these courses up to date on a much regular cadence than that of WWL.

Course
Overview

In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.

Audience
Profile

The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.

Course
Outline

Module 1: Managing Identity

Lesson 1: Overview of Microsoft Intune

  • What is Microsoft Intune?
  • Intune integration
  • Enroll in device management, application management, or both
  • Protect data on any device

Lesson 2: Overview of Entra ID

  • What is Microsoft Entra ID?
  • What are the Entra ID editions?
  • Compare Microsoft Entra ID with AD DS
  • Demonstration: Compare AD DS and Entra ID
  • What is Azure AD Domain Services?

Lesson 3: The administrative model in Microsoft 365

  • Built-in roles
  • Custom roles
  • Scoping the roles
  • Managing RBAC roles
  • Demonstration: Reviewing RBAC roles and administrative units

Lesson 4: Managing user and group objects

  • Managing Microsoft 365 with Windows PowerShell
  • Managing user accounts
  • Managing Groups
  • Demonstration: Creating security principals
  • Lab: Managing identities in Azure AD

Lesson 5: Directory Synchronization

  • What is Directory Synchronization?
  • What is Azure AD Connect?
  • What is Azure AD Cloud Sync?
  • Considerations for directory synchronization
  • Planning writeback options
  • Configuring Azure AD Connect Sync
  • Demonstration: Configuring Azure AD Connect sync
  • Lab: Synchronizing Identities by using Azure AD Connect

Lesson 6: Managing device authentication

  • Prerequisites for Azure AD Join or Register
  • What is Azure AD Join?
  • What is Hybrid Azure AD Join?
  • What is Azure AD Register?
  • Demonstration: Performing Azure AD Join and Azure AD Register
  • Lab: Configuring and managing Azure AD Join
  • Lab: Manage Azure AD device registration

Module 2: Enrolling devices

Lesson 1: Overview of Intune lifecycle

  • Mobility is the new normal
  • What’s driving change?
  • Empowering enterprise mobility
  • Why Intune?
  • Enterprise Mobility Suite
  • Device management challenges
  • Enterprise mobility management with Intune
  • Comprehensive lifecycle management

Lesson 2: Enrolling devices in Intune

  • Supported device operating systems
  • Prerequisites for enrollment
  • Enrollment restrictions
  • Device enrollment managers
  • Demonstration: Preparing for device enrollment
  • Lab: Manage Device Enrollment into Intune
  • Enrolling Windows devices
  • Enrolling Android and iOS devices
  • Demonstration: Enrolling devices
  • Lab: Enrolling devices into Microsoft Intune

Lesson 3: Performing remote actions

  • Remote actions
  • Remotely lock devices
  • Reset or remove a passcode
  • Remove devices with wipe or retire
  • Perform a Fresh Start
  • Remotely restart devices
  • Apple device actions – Enable lost mode
  • Communication – Send custom notifications in Intune
  • Communication – Organizational messages
  • Sync a device
  • Use bulk device actions
  • Demonstration: Performing remote actions

Lesson 4: Overview of Windows remote management

  • Windows Admin Center
  • Demonstration: Using Windows Admin Center
  • PowerShell remoting
  • Implement and manage LAPS in Entra ID
  • Demonstration: Configuring LAPS
  • Implement Remote Help in Intune

Module 3: Configuring devices

Lesson 1: Review of Group Policy

  • Overview of Group Policy fundamentals
  • Group Policy Objects
  • Scoping GPOs
  • Group Policy inheritance
  • Administrative templates
  • Demonstration: Reviewing Group Policy

Lesson 2: Creating device configuration profiles

  • Reviewing supported operating systems and types of profile
  • Creating device configuration profiles
  • Using scope tags
  • Using policy sets
  • Demonstration: Implementing device configuration profiles
  • Lab: Creating and deploying configuration profiles
  • Creating a kiosk configuration profile
  • Demonstration: Implementing kiosk mode
  • Lab: Using a Configuration Profile to configure Kiosk mode
  • Lab: Using a Configuration Profile to configure iOS and iPadOS Wi-Fi settings
  • Migrating from Group Policy
  • Lab: Using Group Policy Analytics to validate GPO support in Intune

Lesson 3: Monitoring device configuration

  • Monitor device profiles
  • Manage device sync
  • Understand conflicts
  • Demonstration: Monitoring configuration profiles
  • Lab: Monitor device and user activity in Intune

Lesson 4: Synchronizing user state

  • Overview of Folder Redirection
  • Overview of UE-V
  • Overview of enterprise state roaming
  • Demonstration: Reviewing user state sync options

Module 4: Managing apps

Lesson 1: App deployment options

  • Overview of MAM
  • Review the app lifecycle
  • Methods for app deployment
  • Demonstration: Reviewing app management

Lesson 2: Microsoft 365 Apps for enterprise

  • Overview of Microsoft 365 Apps for enterprise
  • Microsoft 365 Apps for enterprise vs. Office Professional 2021
  • Internet requirements
  • Microsoft 365 Apps for enterprise licensing and activation
  • Customizing Click-to-Run options
  • Using the Microsoft Apps admin center
  • Creating a deployment configuration file
  • Overview of the Office Deployment Tool
  • Demonstration: Managing Microsoft 365 apps

Lesson 3: Deploying and managing apps with Intune

  • Deploying apps with Intune
  • Deploying Microsoft 365 apps for Enterprise with Intune
  • Demonstration: Deploying apps
  • Lab: Deploying cloud apps using Intune
  • Mobile Application Management options
  • Demonstration: Managing apps
  • Lab: Configure App Protection Policies for Mobile Devices

Module 5: Managing authentication and compliance

Lesson 1: Enabling organizational access

  • Overview of remote access options
  • What is a VPN?
  • Configuring a VPN
  • What is Microsoft Tunnel Gateway?
  • Demonstration: Reviewing Microsoft Tunnel Gateway setup

Lesson 2: Protecting identities in Entra ID

  • Managing multi-factor authentication
  • Implementing Windows Hello in Intune
  • Demonstration: Managing MFA
  • Self-service password reset
  • Demonstration: Managing SSPR

Lesson 3: Implementing compliance and conditional access policies

  • Managing device compliance
  • Demonstration: Configuring compliance policies
  • Managing conditional access policies
  • Demonstration: Configuring conditional access policies
  • Lab: Configuring Multi-factor Authentication
  • Lab: Configuring Self-service password reset for user accounts in Azure AD
  • Lab: Configuring and validating device compliance

Module 6: Securing endpoint devices

Lesson 1: Managing Microsoft Defender in Windows client

  • Windows 11 security features
  • Windows Firewall with Advanced Security
  • Microsoft Defender Antivirus
  • Demonstration: Implementing Microsoft Defender in Windows

Lesson 2: Implementing Endpoint security

  • Overview of security baselines
  • Endpoint detection and response
  • Demonstration: Securing endpoints in Intune
  • Lab: Configuring Endpoint security using Intune

Lesson 3: Implementing device data protection

  • Implementing Data Loss Prevention
  • Configuring BitLocker
  • Demonstration: Implementing device data protection
  • Lab: Configuring Disk Encryption Using Intune

Module 7: Deploying Windows with on-premises tools

Lesson 1: Overview of on-premises deployment

  • Overview of images
  • Overview of image-based installation tools
  • Creating, updating, and maintaining images
  • Windows ADK for Windows 10/11
  • Windows Deployment Services
  • Microsoft Deployment Toolkit

Lesson 2: Deploy using the Microsoft Deployment Toolkit

  • Creating images in MDT
  • Deploying images in MDT
  • Demonstration: Deploying Windows with MDT
  • Lab: Deploying Windows 11 using Microsoft Deployment Toolkit

Module 8: Deploying Windows with modern tools

Lesson 1: Dynamic provisioning

  • Windows Autopilot
  • Provisioning packages with Windows Configuration Designer
  • Implementing subscription activation
  • Azure AD join with automatic MDM enrollment

Lesson 2: Overview of Windows Autopilot

  • Autopilot for modern deployments
  • Device lifecycle management with Windows Autopilot and Intune
  • Requirements for Windows Autopilot

Lesson 3: Preparing for Windows Autopilot deployment

  • Preparing for Autopilot
  • Demonstration: Preparing for Autopilot
  • Registering devices
  • Demonstration: Uploading device IDs
  • Assigning an Autopilot deployment profile
  • Demonstration: Creating a deployment profile

Lesson 4: Deploying Windows using Windows Autopilot

  • Creating an enrollment status page
  • Windows Autopilot Deployment Scenarios
  • Demonstration: Deploying Windows with Autopilot
  • Lab: Deploying Windows with Autopilot
  • Lab: Refreshing Windows with Autopilot Reset and Self-Deploying mode

Module 9: Managing updates, upgrades, and using analytics

Lesson 1: Managing updates

  • What are the available Servicing Channels?
  • Applying Windows updates
  • Configuring Windows Update settings
  • Using Group Policy to configure Windows updates
  • Windows Server Update Services
  • Managing updates with Intune
  • What is Windows Autopatch?
  • Delivery Optimization for Windows Updates
  • Demonstration: Managing updates in Intune

Lesson 2: Understanding upgrades

  • Supported upgrade paths
  • Compare in-place upgrades with migrations
  • The process for performing an in-place upgrade to Windows 11
  • The process for migrating to Windows 11

Lesson 3: Using analytics

  • Setup Endpoint Analytics
  • Explore Endpoint Analytics
  • Demonstration: Using Endpoint Analytics

 

Other
Information

  • Labs available from go deploy and Skillable (Just purchase the MD-102 labs)
  • Continually updated
  • Completing this course enables students to sit and pass the MD-102 exam
Buy Now