MD-102T00: Microsoft 365 Endpoint Administrator
As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization. This course will also prepare you for the Endpoint Administrator Associate Microsoft certification.
Description
Overview
In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.
Course Objectives
- Enterprise Desktops, Windows editions and Azure Active Directory
- Similarities and differences between Azure Active Directory and AD DS
- Managing Azure Active Directory Identities
- Effectively Support Enterprise Desktops
- Azure AD join and Microsoft Endpoint Manager
- Configuration Manager and Microsoft Intune Policy Configuration
- Intune device profiles
- Application Management Methods
- Managing Authentication
- Different types of VPNs
- Compliance and Conditional Access Policies
- Data Protection and Protecting Endpoints against Threats
- Microsoft Defender
- Microsoft Deployment Toolkit and Configuration Manager
- Windows Autopilot and Deployment using Microsoft Intune
- Co-management
Who Should Attend
The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.
Course Outline
Learning Path 1: Explore Modern Management
This learning path is designed to provide a comprehensive understanding of enterprise desktops, Windows editions, and Microsoft Entra ID. It includes exploring various Windows editions, including their features and installation methods. It delves into Microsoft Entra ID, highlighting its similarities and differences with AD DS and how to synchronize the two. Furthermore, learners will better understand managing Microsoft Entra ID identities. Overall, this learning path equips learners with the necessary knowledge and skills to effectively support enterprise desktops and manage Microsoft Entra ID identities.
Modules:
- The Enterprise Desktop
- Entra ID Overview
- Managing Identities in Entra ID
- Manage Microsoft Entra ID identities
Labs:
- Managing identities in Entra ID
- Using Entra ID Connect to connect Active Directories
Learning Path 2: Execute Device Enrollment
This learning path will cover Entra ID join and will introduce Microsoft Endpoint Manager and discuss how to configure policies for enrolling devices to Configuration Manager and Microsoft Intune.
Modules:
- Manage Device Authentication
- Enroll device using Microsoft Endpoint Configuration Manager
- Enroll device using Microsoft Intune
Labs:
- Configuring and managing Entra ID join
- Manage Entra ID device registration
- Manage Device Enrollment into Intune
- Enrolling Devices into Intune
Learning Path 3: Configuring Profiles for User and Devices
This learning path explores Intune device profiles, the benefits of user profiles and how to synchronize profile data across multiple devices.
Modules:
- Execute Device Profiles
- Oversee Device Profiles
- Maintain User Profiles
Labs:
- Creating and Deploying Configuration Profiles
- Using a Configuring Profile to configure Kiosk mode
- Using a Configuring Profile to configure iOS and iPadOS Wi-Fi settings
- Using Group Policy Analytics to validate GPO support in Intune
- Monitor device and user activity in Intune
Learning Path 4: Examine Application Management
Learners will examine application management methods using on-premises and cloud-based solutions.
Modules:
- Execute Mobile Application Management (MAM)
- Deploying and updating applications
- Administering endpoint applications
Labs:
- Deploying Cloud Apps using Intune
- Configure App Protection Policies for Mobile Devices
- Deploy Apps using Endpoint Configuration Manager
- Deploy Apps using Microsoft Store for Business
- Deploy Apps using Microsoft Store for Business
Learning Path 5: Managing Authentication and Compliance
This learning path covers the various solutions for managing authentication. Students will also learn about the different types of VPNs, as well as compliance and conditional access policies.
Modules:
- Protecting Identities in Entra ID
- Enabling Organization Access
- Implement Device Compliance Policies
- Generate inventory and compliance reports
Labs:
- Configuring Multi-Factor Authentication
- Configuring Self-Service password reset
- Configuring and validating Device Compliance
- Creating device inventory reports
Learning Path 6: Managing Endpoint Security
Students will learn about data protection and protecting endpoints against threats. This path will also cover the key capabilities of Microsoft Defender solutions.
Modules:
- Deploy device data protection
- Manage Microsoft Defender to Endpoint
- Managing Windows Defender for client
- Managing Windows Defender for cloud apps
Labs:
- Configure and Deploy Windows Information Protection Policies by using Intune
- Configuring Endpoint security using Intune
- Configuring Disk Encryption using Intune
- Describe the methods protecting device data.
Learning Path 7: Deployment using on-premise based tools
Students are introduced to deployment using the Microsoft Deployment Toolkit and Configuration Manager.
Modules:
- Assess Deployment Readiness
- Deploy using the Microsoft Deployment Toolkit (MDT)
- Deploy using Microsoft Configuration Manager
Labs:
- Deploying Windows 10 using Microsoft Deployment Toolkit
- Deploying Windows 10 using Endpoint Configuration Manager
Learning Path 8: Deploy using cloud-based tools
Students will learn about using Windows Autopilot and deployment using Microsoft Intune. This path will also learn how co-management can be used to transition to modern management.
Modules:
- Deploy Devices using Windows Autopilot
- Implement dynamic deployment methods
- Plan a transition to modern endpoint management
- Manage Windows 365
- Manage Azure virtual desktop
Labs:
- Deploying Windows 10 with Autopilot
- Refreshing Windows with Autopilot Reset and Self-Deploying mode
- Configuring Cloud Attach and Co-Management Using Configuration Manager
Prerequisites
The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 11 and later, and non-Windows devices.