Microsoft Managing Modern Desktops
Please note - this course has been updated to include Windows 11 and is also suitable for learners working with Windows 10. In this course, students will learn how to plan and implement an operating system deployment strategy using modern deployment methods, as well as how to implement an update strategy. Students will be introduced to key components of modern management and co-management strategies. This course also covers what it takes to incorporate Microsoft Intune into your organization. Students will also learn about methods for deployment and management of apps and browser-based applications. Students will be introduced to the key concepts of security in modern management including authentication, identities, access, and compliance policies. Students will be introduced to technologies such Azure Active Directory, Azure Information Protection and Microsoft Defender for Endpoint as well as how to leverage them to protect devices and data.
Audience profileThe Modern Desktop Administrator deploys, configures, secures, manages, and monitors devices and client applications in an enterprise environment. Responsibilities include managing identity, access, policies, updates, and apps. The MDA collaborates with the M365 Enterprise Administrator to design and implement a device strategy that meets the business needs of a modern organization. The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows and later and non-Windows devices. The MDA role focuses on cloud services rather than on-premises management technologies.
Accessing your courseware and registering attendance with MicrosoftTo access your Official Curriculum (MOC) course materials you will need a Microsoft.com/Learn account. In Learn you will also be able to register your completion of the event and receive your achievement badge. You will be issued with a unique code during your event.
After completing this course, learners should be able to:
- Plan, develop, and implement an Operating System deployment, upgrade, and update strategy.
- Understand the benefits and methods of co-management strategies.
- Plan and implement device enrollment and configuration.
- Manage and deploy applications and plan a mobile application management strategy.
- Manage users and authentication using Azure AD and Active Directory DS.
- Describe and implement methods used to protect devices and data.
The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 10 and later and non-Windows devices. This knowledge can be gained from attending course MD100 'Microsoft Windows Client'. The MDA role focuses on cloud services rather than on-premises management technologies.
Module 1: Modern Management This module explains the concepts of supporting the desktop through it's entire lifecycle. Students will be introduced to the tools and strategies used for desktop deployment. Students will be introduced to the concept of directory in the cloud with Azure AD. Students will learn the similarities and differences between Azure AD and Active Directory DS and how to synchronize between the two. Students will explore identity management in Azure AD and learn about identity protection using Windows Hello for Business, as well as Azure AD Identity Protection and multi-factor authentication. Lessons
- The Enterprise Desktop
- Azure AD Overview
- Managing Identities in Azure AD
- Lab : Managing identities in Azure AD
- Lab : Using Azure AD Connect to connect Active Directories
- Describe the enterprise desktop lifecycle.
- Describe the capabilities of Azure AD.
- Manage users using Azure AD with Active Directory DS.
- Implement Windows Hello for Business.
- Join devices to Azure AD.
- Manage Device Authentication
- Device Enrollment using Microsoft Endpoint Configuration Manager
- Device Enrollment using Microsoft Intune
- Lab : Manage Device Enrollment into Intune
- Lab : Configuring and managing Azure AD Join
- Lab : Enrolling devices into Microsoft Intune
- Configure and join devices to Azure AD
- Configure device enrollment in Microsoft Endpoint Manager
- Enroll devices in Endpoint Configuration Manager and Intune
- Configuring Device Profiles
- Managing User Profiles
- Lab : Configuring Enterprise State Roaming
- Lab : Creating and Deploying Configuration Profiles
- Lab : Monitor device and user activity in Intune
- Describe the various types of device profiles in Intune
- Create, manage and monitor profiles
- Manage PowerShell scripts in Intune
- Explain the various user profile types that exist in Windows.
- Explain how to deploy and configure Folder Redirection.
- Configure Enterprise State Roaming for Azure AD devices.
- Implement Mobile Application Management (MAM)
- Deploying and updating applications
- Administering applications
- Lab : Configure App Protection Policies for Mobile Device
- Lab : Deploying cloud apps using Intune
- Lab : Deploy Apps using Endpoint Configuration Manager
- Lab : Deploy Apps using Microsoft Store for Business
- Describe the methods for application management.
- Deploy applications using Endpoint Manager and Group Policy.
- Configure Microsoft Store for Business.
- Deploy Office365 ProPlus using Intune.
- Manage and report application inventory and licenses.
- Protecting Identities in Azure AD
- Enabling Organization Access
- Implement Device Compliance Policies
- Using Reporting
- Lab : Creating device inventory reports
- Lab : Configuring and validating device compliance
- Lab : Configuring Multi-factor Authentication
- Lab : Configuring Self-service password reset for user accounts in Azure AD
- Describe Windows Hello for Business
- Describe Azure AD Identity Protection
- Describe and manage multi-factor authentication
- Describe VPN types and configuration
- Deploy device compliance and conditional access policies
- Generate inventory reports and Compliance reports using Endpoint Manager
- Implement device data protection
- Managing Microsoft Defender for Endpoint
- Managing Microsoft Defender in Windows Client
- Lab : Configuring Endpoint security using Intune
- Lab : Configure and Deploy Windows Information Protection Policies by using Intune
- Lab : Configuring Disk Encryption Using Intune
- Describe the methods protecting device data.
- Describe the capabilities and benefits of Windows ATP.
- Deploy and manage settings for Windows Defender clients.
- Assessing Deployment Readiness
- On-Premise Deployment Tools and Strategies
- Lab : Deploying Windows using Microsoft Deployment Toolkit
- Lab : Deploying Windows using Endpoint Configuration Manager
- Describe the tools for planning a deployment.
- Deploy Windows clients using the Microsoft Deployment Toolkit
- Deploy Windows clients using Endpoint Configuration Manager
- Deploying New Devices
- Dynamic Deployment Methods
- Planning a Transition to Modern Management
- Managing Virtual Desktops
- Lab : Configuring Co-Management Using Configuration Manager
- Lab : Deploying Windows 10 with Autopilot
- Deploy Windows 10 using Autopilot
- Configure OS deployment using subscription activation and provisioning packages
- Upgrade, migrate and manage devices using modern management methods
- Updating Windows Clients
- Windows Update for Business
- Desktop Analytics
- Endpoint Analytics
- Lab : Managing Windows 10 security and feature updates
- Describe the Windows client servicing channels.
- Configure a Windows update policy using Group Policy settings.
- Configure Windows Update for Business to deploy OS updates.
- Use Desktop Analytics to assess upgrade readiness.
- Use Endpoint Analytics to monitor user experience and assess Windows 11 readiness