Managing Modern Desktops (MD-101)

Prerequisites:

The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 10 and non-Windows devices. The MDA role focuses on cloud services rather than on-premises management technologies. It is recommended students complete course MD-100, Windows 10, prior to taking this course.

 

Target Audience:

The Modern Desktop Administrator deploys, configures, secures, manages, and monitors devices and client applications in an enterprise environment. Responsibilities include managing identity, access, policies, updates, and apps. The MDA collaborates with the M365 Enterprise Administrator to design and implement a device strategy that meets the business needs of a modern organization. The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 10 and non-Windows devices. The MDA role focuses on cloud services rather than on-premises management technologies.

 

Course Objectives:

• Plan, develop, and implement an Operating System deployment, upgrade, and update strategy. 
• Understand the benefits and methods of co-management strategies. 
• Plan and implement device enrollment and configuration. 
• Manage and deploy applications and plan a mobile application management strategy. 
• Manage users and authentication using Azure AD and Active Directory DS. Describe and implement methods used to protect devices and data.

 

Course Outline:

MD-101T01: Deploying the Modern Desktop

Module 1: Planning an Operating System Deployment Strategy

This module explains how to plan and implement a deployment strategy. It covers various methods and scenarios for deploying Windows. It discusses on-premise and cloud technologies as well as considerations for new deployments, upgrading, and migrations.

 

Lessons

• Overview of Windows as a service
• Windows 10 Deployment options
• Considerations for Windows 10 deployment

 

Module 2: Implementing Windows 10

This module covers new modern methods for deploying Windows 10 such as Windows Autopilot and provisioning packages. This module also covers tool used in upgrade planning, application compatibility and migration methods.

 

Lessons

• Implementing Windows 10 by using dynamic deployment
• Implementing Windows 10 by using Windows Autopilot
• Upgrading devices to Windows 10

 

Module 3: Managing Updates for Windows 10

This module covers managing updates to Windows. This module introduces the servicing options for Windows 10. Students will learn the different methods for deploying updates and how to configure windows update policies.

 

Lessons

• Implementing Windows 10 by using dynamic deployment
• Implementing Windows 10 by using Windows Autopilot
• Upgrading devices to Windows 10

 

Module 4: Course Conclusion

Final Exam

 

MD-101T02: Managing Modern Desktop and Devices

Module 1: Device Enrollment

In this module, students will examine the benefits and prerequisites for co-management and learn how to plan for it. This module will also cover Azure AD join and will be introduced to Microsoft Intune, as well as learn how to configure policies for enrolling devices. The module will conclude with an overview of device inventory in Intune and reporting using the Intune console, Power BI and Microsoft Graph.

 

Lessons

• Device management options
• Manage Intune device enrollment and inventory

 

Module 2: Configuring Profiles

This module dives deeper into Intune device profiles including the types of device profiles and the difference between built-in and custom profiles. The student will learn about assigning profiles to Azure AD groups and monitoring devices and profiles in Intune. The module will conclude with an overview of using Windows Analytics for health and compliance reporting.

 

Lessons

• Configuring device profiles
• Managing user profiles
• Monitoring devices

 

Module 3: Application Management

In this module, students learn about application management on-premise and cloud-based solutions. This module will cover how to manage Office 365 ProPlus deployments in Intune as well as how to manage apps on non-enrolled devices. The module will conclude with an overview of Enterprise Mode with Internet Explorer and Microsoft Edge and tracking your installed applications, licenses, and assigned apps using Intune.

 

Lessons

• Implement Mobile Application Management (MAM)
• Deploying and updating applications
• Administering applications

 

Module 4: Course Conclusion

Final Exam

 

MD-101T03: Protecting Modern Desktops and Devices

Module 1: Managing Authentication in Azure AD

In this module, students well be introduced to the concept of directory in the cloud with Azure AD. Students will learn the similarities and differences between Azure AD and Active Directory DS and how to synchronize between the two. Students will explore identity management in Azure AD and learn about identity protection using Windows Hello for Business, as well as Azure AD Identity Protection and multi-factor authentication. The module will conclude with securely accessing corporate resources and introduce concepts such as Always On VPN and remote connectivity in Windows 10.

 

Lessons

• Azure AD Overview
• Managing identities in Azure AD
• Protecting identities in Azure AD
• Managing device authentication
• Enabling corporate access
• Describe methods of enabling access from external networks.

 

Module 2: Managing Devices and Device Policies

In this module, students will be introduced to managing device security with Intune. Students will discover how Intune can use device profiles to manage configuration of devices to protect data on a device. Students will learn how to create and deploy compliance policies and use compliance policies for conditional access. The module concludes with monitoring devices enrolled in Intune.

 

Lessons

• Microsoft Intune Overview
• Managing devices with Intune
• Implement device compliance policies

 

Module 3: Managing Security

In this module, students will learn about data protection. Topics will include Windows & Azure Information Protection, and various encryption technologies supported in Windows 10. This module also covers key capabilities of Windows Defender Advanced Threat Protection and how to implement these capabilities on devices in your organization. The module concludes using Windows Defender and using functionalities such as antivirus, firewall and Credential Guard.

 

Lessons

• Implement device data protection
• Managing Windows Defender ATP
• Managing Windows Defender in Windows 10

 

Module 4: Course Conclusion

Final Exam

 

Labs

Lab: Practice Lab – Planning Windows 10 deployment

Lab: Practice Lab – Implementing Windows 10

• Creating and deploying provisioning package
• Migrating user settings
• Deploying Windows 10 with AutoPilot

Lab : Practice Lab – Managing Updates for Windows 10

• Manually configuring Windows Update settings
• Configuring Windows Update by using GPOs

Lab : Graded Lab

 

MD-101T02: Managing Modern Desktop and Devices

Lab: Practice Lab – Device Enrollment and Management

• Installing the MDM Migration Analysis Tool (MMAT)
• Obtain Intune and Azure AD Premium licenses and enable device management
• Enrolling devices in Intune
• Managing devices in Intune
• Creating device inventory reports

Lab: Practice Lab – Managing profiles

• Configuring roaming user profiles and Folder Redirection
• Create and deploy device profile based on the scenario
• Change deployed policy and monitor user and device activity
• Configuring Enterprise State Roaming

Lab: Practice Lab – Managing Applications

• Deploying apps by using Intune
• Configure and deploy Office 365 ProPlus from Intune
• Configure mobile application management (MAM) policies in Intune

Lab: Graded Lab

 

MD-101T03: Protecting Modern Desktops and Devices

Lab: Practice Lab – Managing objects and authentication in Azure AD

• Enabling and configuring Azure AD Premium with Enterprise Mobility + Security (EMS) tenant
• Creating user and group objects with UI and Windows PowerShell
• Configuring Self-service password reset (SSPR) for user accounts in Azure AD
• Joining a device to Azure AD

Lab: Practice Lab – Managing devices

• Configuring Microsoft Intune for device management
• Configuring compliance policies and device profiles
• Enrolling Windows 10 devices and managing compliance

Lab: Practice Lab – Managing Security in Windows 10

• Configuring Encrypting File System (EFS)
• Configuring BitLocker
• Configuring a WIP policy in Intune
• Configuring Windows Defender

Lab: Graded Lab