MD-101T00: Managing Modern Desktops (Course Retired)
In this course, students will learn how to plan and implement an operating system deployment strategy using modern deployment methods, as well as how to implement an update strategy. Students will be introduced to key components of modern management and co-management strategies. This course also covers what it takes to incorporate Microsoft Intune into your organization. Students will also learn about methods for deployment and management of apps and browser-based applications. Students will be introduced to the key concepts of security in modern management including authentication, identities, access, and compliance policies. Students will be introduced to technologies such Azure Active Directory, Azure Information Protection and Windows Defender Advanced Threat Protection, as well as how to leverage them to protect devices and data.
Learning Path 1: Modern Management
This Learning Path explains the concepts of supporting the desktop through it's entire lifecycle. Finally, students will be introduced to the tools and strategies used for desktop deployment. Students well be introduced to the concept of directory in the cloud with Azure AD. Students will learn the similarities and differences between Azure AD and Active Directory DS and how to synchronize between the two. Students will explore identity management in Azure AD and learn about identity protection using Windows Hello for Business, as well as Azure AD Identity Protection and multi-factor authentication.
Modules
- The Enterprise Desktop
- Azure AD Overview
- Managing Identities in Azure AD
Labs:
- Managing identities in Azure AD
- Using Azure AD Connect to connect Active Directories
After completing this Learning Path, students will be able to:
- Describe the enterprise desktop lifecycle.
- Describe the capabilities of Azure AD.
- Manage users using Azure AD with Active Directory DS.
- Implement Windows Hello for Business.
- Join devices to Azure AD.
Learning Path 2: Device Enrollment
This Learning Path will also cover Azure AD join and will be introduced to Microsoft Endpoint Manager, as well as learn how to configure policies for enrolling devices to Endpoint Manager and Intune.
Modules
- Manage Device Authentication
- Device Enrollment using Microsoft Endpoint Configuration Manager
- Device Enrollment using Microsoft Intune
Labs:
- Manage Device Enrollment into Intune
- Configuring and managing Azure AD Join
- Enrolling devices into Microsoft Intune
After completing this Learning Path, students will be able to:
- Configure and join devices to Azure AD
- Configure device enrollment in Microsoft Endpoint Manager
- Enroll devices in Endpoint Configuration Manager and Intune
Learning Path 3: Configuring Profiles
This Learning Path dives deeper into Intune device profiles including the types of device profiles and the difference between built-in and custom profiles. The student will learn about assigning profiles to Azure AD groups and monitoring devices and profiles in Intune. You will be introduced to the various user profile types that exist in Windows for on-premises devices. You will learn about the benefits of various profiles and how to switch between types of profiles. You will examine how Folder Redirection works and how to set it up. The Modules will then conclude with an overview of Enterprise State roaming and how to configure it for Azure AD devices.
Modules
- Configuring Device Profiles
- Managing User Profiles
Labs:
- Configuring Enterprise State Roaming
- Creating and Deploying Configuration Profiles
- Monitor device and user activity in Intune
After completing this Learning Path, you should be able to:
- Describe the various types of device profiles in Intune
- Create, manage and monitor profiles
- Manage PowerShell scripts in Intune
- Explain the various user profile types that exist in Windows.
- Explain how to deploy and configure Folder Redirection.
- Configure Enterprise State Roaming for Azure AD devices.
Learning Path 4: Application Management
In this Learning Path, students learn about application management on-premise and cloud-based solutions. This Learning Path will cover how to manage Office 365 ProPlus deployments in Endpoint Manager as well as how to manage apps on non-enrolled devices. The Learning Path will also include managing Win32 apps and deployment using the Microsoft Store for Business. This Learning Path will conclude with an overview of Microsoft Edge and Enterprise Mode.
Modules
- Implement Mobile Application Management (MAM)
- Deploying and updating applications
- Administering applications
Labs:
- Configure App Protection Policies for Mobile Device
- Deploying cloud apps using Intune
- Deploy Apps using Endpoint Configuration Manager
- Deploy Apps using Microsoft Store for Business
After completing this Learning Path, students will be able to:
- Describe the methods for application management.
- Deploy applications using Endpoint Manager and Group Policy.
- Configure Microsoft Store for Business.
- Deploy Office365 ProPlus using Intune.
- Manage and report application inventory and licenses.
Learning Path 5: Managing Authentication in Azure AD
This Learning Path covers the various solutions for managing authentication. The student will also learn about the different types of VPNs. This Learning Path also covers compliance policies and how to create conditional access policies.
Modules
- Protecting Identities in Azure AD
- Enabling Organization Access
- Implement Device Compliance Policies
- Using Reporting
Labs:
- Creating device inventory reports
- Configuring and validating device compliance
- Configuring Multi-factor Authentication
- Configuring Self-service password reset for user accounts in Azure AD
After completing this Learning Path, students will be able to:
- Describe Windows Hello for Business
- Describe Azure AD Identity Protection
- Describe and manage multi-factor authentication
- Describe VPN types and configuration
- Deploy device compliance and conditional access policies
- Generate inventory reports and Compliance reports using Endpoint Manager
Learning Path 6: Managing Security
In this Learning Path, students will learn about data protection. Topics will include Windows & Azure Information Protection, and various encryption technologies supported in Windows 10. This Learning Path also covers key capabilities of Windows Defender Advanced Threat Protection and how to implement these capabilities on devices in your organization. The Learning Path concludes using Windows Defender and using functionalities such as antivirus, firewall and Credential Guard.
Modules
- Implement device data protection
- Managing Windows Defender ATP
- Managing Windows Defender in Windows 10
Labs:
- Configuring Endpoint security using Intune
- Configure and Deploy Windows Information Protection Policies by using Intune
- Configuring Disk Encryption Using Intune
After completing this Learning Path, students will be able to:
- Describe the methods protecting device data.
- Describe the capabilities and benefits of Windows ATP.
- Deploy and manage settings for Windows Defender clients.
Learning Path 7: Deployment using on-premise based tools
In Learning Path, students well be introduced to deployment using Microsoft Endpoint Manager. Part 1 will cover the tools for assessing the infrastructure and planning a deployment, followed by deployment using the Microsoft Deployment Toolkit and Endpoint Configuration Manager.
Modules
- Assessing Deployment Readiness
- On-Premise Deployment Tools and Strategies
Labs:
- Deploying Windows 10 using Microsoft Deployment Toolkit
- Deploying Windows 10 using Endpoint Configuration Manager
After completing this Learning Path, students will be able to:
- Describe the tools for planning a deployment.
- Deploy Windows 10 using the Microsoft Deployment Toolkit
- Deploy Windows 10 using Endpoint Configuration Manager
Learning Path 8: Deploy using cloud-based tools
This Learning Path continues with deployment using Microsoft Endpoint Manager. In part two, the student will learn about using Windows Autopilot and deployment using Microsoft Intune. This Learning Path will also include dynamic OS deployment methods, such as Subscription Activation. The Learning Path will conclude learning how Co-Management can be used to transitioning to modern management.
Modules
- Deploying New Devices
- Dynamic Deployment Methods
- Planning a Transition to Modern Management
Labs:
- Configuring Co-Management Using Configuration Manager
- Deploying Windows 10 with Autopilot
After completing this Learning Path, students will be able to:
- Deploy Windows 10 using Autopilot
- Configure OS deployment using subscription activation and provisioning packages
- Upgrade, migrate and manage devices using modern management methods
Learning Path 9: Managing Updates and use analytics
This Learning Path covers managing updates to Windows. This Learning Path introduces the servicing options for Windows 10. Students will learn the different methods for deploying updates and how to configure windows update policies. Finally, students will learn how to ensure and monitor updates using Desktop Analytics.
Modules
- Updating Windows 10
- Windows Update for Business
- Desktop Analytics
Lab:
- Managing Windows 10 security and feature updates
After completing this Learning Path, students will be able to:
- Describe the Windows 10 servicing channels.
- Configure a Windows update policy using Group Policy settings.
- Configure Windows Update for Business to deploy OS updates.
- Use Desktop Analytics to assess upgrade readiness.
