Managing Modern Desktops (MD-101)

Prerequisites:

The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 10 and non-Windows devices. The MDA role focuses on cloud services rather than on-premises management technologies. It is recommended students complete course MD-100, Windows 10, prior to taking this course.

Target Audience:

The Modern Desktop Administrator deploys, configures, secures, manages, and monitors devices and client applications in an enterprise environment. Responsibilities include managing identity, access, policies, updates, and apps. The MDA collaborates with the M365 Enterprise Administrator to design and implement a device strategy that meets the business needs of a modern organization. The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 10 and non-Windows devices. The MDA role focuses on cloud services rather than on-premises management technologies.

Course Objectives:

Module 1: Modern Management

This module explains the concepts of supporting the desktop through it’s entire lifecycle. Finally, students will be introduced to the tools and strategies used for desktop deployment. Students well be introduced to the concept of directory in the cloud with Azure AD. Students will learn the similarities and differences between Azure AD and Active Directory DS and how to synchronize between the two. Students will explore identity management in Azure AD and learn about identity protection using Windows Hello for Business, as well as Azure AD Identity Protection and multi-factor authentication.

Lessons

The Enterprise Desktop

Azure AD Overview

Managing Identities in Azure AD

Lab : Managing identities in Azure AD

Lab : Using Azure AD Connect to connect Active Directories

After completing this module, students will be able to:

Describe the enterprise desktop lifecycle.

Describe the capabilities of Azure AD.

Manage users using Azure AD with Active Directory DS.

Implement Windows Hello for Business.

Join devices to Azure AD.

Module 2: Device Enrollment

This module will also cover Azure AD join and will be introduced to Microsoft Endpoint Manager, as well as learn how to configure policies for enrolling devices to Endpoint Manager and Intune.

Lessons

Manage Device Authentication

Device Enrollment using Microsoft Endpoint Configuration Manager

Device Enrollment using Microsoft Intune

Lab : Manage Device Enrollment into Intune

Lab : Configuring and managing Azure AD Join

Lab : Enrolling devices into Microsoft Intune

After completing this module, students will be able to:

Configure and join devices to Azure AD

Configure device enrollment in Microsoft Endpoint Manager

Enroll devices in Endpoint Configuration Manager and Intune

Module 3: Configuring Profiles

This module dives deeper into Intune device profiles including the types of device profiles and the difference between built-in and custom profiles. The student will learn about assigning profiles to Azure AD groups and monitoring devices and profiles in Intune. You will be introduced to the various user profile types that exist in Windows for on-premises devices. You will learn about the benefits of various profiles and how to switch between types of profiles. You will examine how Folder Redirection works and how to set it up. The lesson will then conclude with an overview of Enterprise State roaming and how to configure it for Azure AD devices.

Lessons

Configuring Device Profiles

Managing User Profiles

Lab : Configuring Enterprise State Roaming

Lab : Creating and Deploying Configuration Profiles

Lab : Monitor device and user activity in Intune

After completing this module, you should be able to:

Describe the various types of device profiles in Intune

Create, manage and monitor profiles

Manage PowerShell scripts in Intune

Explain the various user profile types that exist in Windows.

Explain how to deploy and configure Folder Redirection.

Configure Enterprise State Roaming for Azure AD devices.

Module 4: Application Management

In this module, students learn about application management on-premise and cloud-based solutions. This module will cover how to manage Office 365 ProPlus deployments in Endpoint Manager as well as how to manage apps on non-enrolled devices. The module will also include managing Win32 apps and deployment using the Microsoft Store for Business. This module will conclude with an overview of Microsoft Edge and Enterprise Mode.

Lessons

Implement Mobile Application Management (MAM)

Deploying and updating applications

Administering applications

Lab : Configure App Protection Policies for Mobile Device

Lab : Deploying cloud apps using Intune

Lab : Deploy Apps using Endpoint Configuration Manager

Lab : Deploy Apps using Microsoft Store for Business

After completing this module, students will be able to:

Describe the methods for application management.

Deploy applications using Endpoint Manager and Group Policy.

Configure Microsoft Store for Business.

Deploy Office365 ProPlus using Intune.

Manage and report application inventory and licenses.

Module 5: Managing Authentication in Azure AD

This module covers the various solutions for managing authentication. The student will also learn about the different types of VPNs. This module also covers compliance policies and how to create conditional access policies.

Lessons

Protecting Identities in Azure AD

Enabling Organization Access

Implement Device Compliance Policies

Using Reporting

Lab : Creating device inventory reports

Lab : Configuring and validating device compliance

Lab : Configuring Multi-factor Authentication

Lab : Configuring Self-service password reset for user accounts in Azure AD

After completing this module, students will be able to:

Describe Windows Hello for Business

Describe Azure AD Identity Protection

Describe and manage multi-factor authentication

Describe VPN types and configuration

Deploy device compliance and conditional access policies

Generate inventory reports and Compliance reports using Endpoint Manager

Module 6: Managing Security

In this module, students will learn about data protection. Topics will include Windows & Azure Information Protection, and various encryption technologies supported in Windows 10. This module also covers key capabilities of Windows Defender Advanced Threat Protection and how to implement these capabilities on devices in your organization. The module concludes using Windows Defender and using functionalities such as antivirus, firewall and Credential Guard.

Lessons

Implement device data protection

Managing Windows Defender ATP

Managing Windows Defender in Windows 10

Lab : Configuring Endpoint security using Intune

Lab : Configure and Deploy Windows Information Protection Policies by using Intune

Lab : Configuring Disk Encryption Using Intune

After completing this module, students will be able to:

Describe the methods protecting device data.

Describe the capabilities and benefits of Windows ATP.

Deploy and manage settings for Windows Defender clients.

Module 7: Deployment using Microsoft Endpoint Manager – Part 1

In this two-part module, students well be introduced to deployment using Microsoft Endpoint Manager. Part 1 will cover the tools for assessing the infrastructure and planning a deployment, followed by deployment using the Microsoft Deployment Toolkit and Endpoint Configuration Manager.

Lessons

Assessing Deployment Readiness

On-Premise Deployment Tools and Strategies

Lab : Deploying Windows 10 using Microsoft Deployment Toolkit

Lab : Deploying Windows 10 using Endpoint Configuration Manager

After completing this module, students will be able to:

Describe the tools for planning a deployment.

Deploy Windows 10 using the Microsoft Deployment Toolkit

Deploy Windows 10 using Endpoint Configuration Manager

Module 8: Deployment using Microsoft Endpoint Manager – Part 2

This module continues with deployment using Microsoft Endpoint Manager. In part two, the student will learn about using Windows Autopilot and deployment using Microsoft Intune. This module will also include dynamic OS deployment methods, such as Subscription Activation. The module will conclude learning how Co-Management can be used to transitioning to modern management.

Lessons

Deploying New Devices

Dynamic Deployment Methods

Planning a Transition to Modern Management

Lab : Configuring Co-Management Using Configuration Manager

Lab : Deploying Windows 10 with Autopilot

After completing this module, students will be able to:

Deploy Windows 10 using Autopilot

Configure OS deployment using subscription activation and provisioning packages

Upgrade, migrate and manage devices using modern management methods

Module 9: Managing Updates for Windows 10

This module covers managing updates to Windows. This module introduces the servicing options for Windows 10. Students will learn the different methods for deploying updates and how to configure windows update policies. Finally, students will learn how to ensure and monitor updates using Desktop Analytics.

Lessons

Updating Windows 10

Windows Update for Business

Desktop Analytics

Lab : Managing Windows 10 security and feature updates

After completing this module, students will be able to:

Describe the Windows 10 servicing channels.

Configure a Windows update policy using Group Policy settings.

Configure Windows Update for Business to deploy OS updates.

Use Desktop Analytics to assess upgrade readiness.

Course Outline:

MD-101T01: Deploying the Modern Desktop

Module 1: Planning an Operating System Deployment Strategy

This module explains how to plan and implement a deployment strategy. It covers various methods and scenarios for deploying Windows. It discusses on-premise and cloud technologies as well as considerations for new deployments, upgrading, and migrations.

Lessons

• Overview of Windows as a service
• Windows 10 Deployment options
• Considerations for Windows 10 deployment

Module 2: Implementing Windows 10

This module covers new modern methods for deploying Windows 10 such as Windows Autopilot and provisioning packages. This module also covers tool used in upgrade planning, application compatibility and migration methods.

Lessons

• Implementing Windows 10 by using dynamic deployment
• Implementing Windows 10 by using Windows Autopilot
• Upgrading devices to Windows 10

Module 3: Managing Updates for Windows 10

This module covers managing updates to Windows. This module introduces the servicing options for Windows 10. Students will learn the different methods for deploying updates and how to configure windows update policies.

Lessons

• Implementing Windows 10 by using dynamic deployment
• Implementing Windows 10 by using Windows Autopilot
• Upgrading devices to Windows 10

Module 4: Course Conclusion

Final Exam

MD-101T02: Managing Modern Desktop and Devices

Module 1: Device Enrollment

In this module, students will examine the benefits and prerequisites for co-management and learn how to plan for it. This module will also cover Azure AD join and will be introduced to Microsoft Intune, as well as learn how to configure policies for enrolling devices. The module will conclude with an overview of device inventory in Intune and reporting using the Intune console, Power BI and Microsoft Graph.

Lessons

• Device management options
• Manage Intune device enrollment and inventory

Module 2: Configuring Profiles

This module dives deeper into Intune device profiles including the types of device profiles and the difference between built-in and custom profiles. The student will learn about assigning profiles to Azure AD groups and monitoring devices and profiles in Intune. The module will conclude with an overview of using Windows Analytics for health and compliance reporting.

Lessons

• Configuring device profiles
• Managing user profiles
• Monitoring devices

Module 3: Application Management

In this module, students learn about application management on-premise and cloud-based solutions. This module will cover how to manage Office 365 ProPlus deployments in Intune as well as how to manage apps on non-enrolled devices. The module will conclude with an overview of Enterprise Mode with Internet Explorer and Microsoft Edge and tracking your installed applications, licenses, and assigned apps using Intune.

Lessons

• Implement Mobile Application Management (MAM)
• Deploying and updating applications
• Administering applications

Module 4: Course Conclusion

Final Exam

MD-101T03: Protecting Modern Desktops and Devices

Module 1: Managing Authentication in Azure AD

In this module, students well be introduced to the concept of directory in the cloud with Azure AD. Students will learn the similarities and differences between Azure AD and Active Directory DS and how to synchronize between the two. Students will explore identity management in Azure AD and learn about identity protection using Windows Hello for Business, as well as Azure AD Identity Protection and multi-factor authentication. The module will conclude with securely accessing corporate resources and introduce concepts such as Always On VPN and remote connectivity in Windows 10.

Lessons

• Azure AD Overview
• Managing identities in Azure AD
• Protecting identities in Azure AD
• Managing device authentication
• Enabling corporate access
• Describe methods of enabling access from external networks.

Module 2: Managing Devices and Device Policies

In this module, students will be introduced to managing device security with Intune. Students will discover how Intune can use device profiles to manage configuration of devices to protect data on a device. Students will learn how to create and deploy compliance policies and use compliance policies for conditional access. The module concludes with monitoring devices enrolled in Intune.

Lessons

• Microsoft Intune Overview
• Managing devices with Intune
• Implement device compliance policies

Module 3: Managing Security

In this module, students will learn about data protection. Topics will include Windows & Azure Information Protection, and various encryption technologies supported in Windows 10. This module also covers key capabilities of Windows Defender Advanced Threat Protection and how to implement these capabilities on devices in your organization. The module concludes using Windows Defender and using functionalities such as antivirus, firewall and Credential Guard.

Lessons

• Implement device data protection
• Managing Windows Defender ATP
• Managing Windows Defender in Windows 10

Module 4: Course Conclusion

Final Exam

Labs

Lab: Practice Lab – Planning Windows 10 deployment

Lab: Practice Lab – Implementing Windows 10

• Creating and deploying provisioning package
• Migrating user settings
• Deploying Windows 10 with AutoPilot

Lab : Practice Lab – Managing Updates for Windows 10

• Manually configuring Windows Update settings
• Configuring Windows Update by using GPOs

Lab : Graded Lab

MD-101T02: Managing Modern Desktop and Devices

Lab: Practice Lab – Device Enrollment and Management

• Installing the MDM Migration Analysis Tool (MMAT)
• Obtain Intune and Azure AD Premium licenses and enable device management
• Enrolling devices in Intune
• Managing devices in Intune
• Creating device inventory reports

Lab: Practice Lab – Managing profiles

• Configuring roaming user profiles and Folder Redirection
• Create and deploy device profile based on the scenario
• Change deployed policy and monitor user and device activity
• Configuring Enterprise State Roaming

Lab: Practice Lab – Managing Applications

• Deploying apps by using Intune
• Configure and deploy Office 365 ProPlus from Intune
• Configure mobile application management (MAM) policies in Intune

Lab: Graded Lab

MD-101T03: Protecting Modern Desktops and Devices

Lab: Practice Lab – Managing objects and authentication in Azure AD

• Enabling and configuring Azure AD Premium with Enterprise Mobility + Security (EMS) tenant
• Creating user and group objects with UI and Windows PowerShell
• Configuring Self-service password reset (SSPR) for user accounts in Azure AD
• Joining a device to Azure AD

Lab: Practice Lab – Managing devices

• Configuring Microsoft Intune for device management
• Configuring compliance policies and device profiles
• Enrolling Windows 10 devices and managing compliance

Lab: Practice Lab – Managing Security in Windows 10

• Configuring Encrypting File System (EFS)
• Configuring BitLocker
• Configuring a WIP policy in Intune
• Configuring Windows Defender

Lab: Graded Lab