Microsoft 365 Endpoint Administrator (MD-102T00)

Prerequisites:

The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience in deploying, configuring, and maintaining Windows 11 and later and non-Windows devices.

Target Audience:

The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.

Course Objectives:

Students will learn to:

• Explore the Enterprise Desktop
• Explore Windows Editions
• Understand Microsoft Entra ID
• Manage Microsoft Entra identities
• Manage device authentication
• Enroll devices using Microsoft Configuration Manager
• Enroll devices using Microsoft Intune
• Execute device profiles
• Oversee device profiles
• Maintain user profiles
• Execute mobile application management
• Deploy and update applications
• Administer endpoint applications
• Protect identities in Microsoft Entra ID
• Enable organizational access
• Implement device compliance
• Generate inventory and compliance reports
• Deploy device data protection
• Manage Microsoft Defender for Endpoint
• Manage Microsoft Defender in Windows client
• Manage Microsoft Defender for Cloud Apps
• Assess deployment readiness
• Deploy using the Microsoft Deployment Toolkit
• Deploy using Microsoft Configuration Manager
• Deploy Devices using Windows Autopilot
• Implement dynamic deployment methods
• Plan a transition to modern endpoint management
• Manage Windows 365
• Manage Azure Virtual Desktop

Course Outline:

Module 1: Explore the Enterprise Desktop

• Describe the benefits of Modern Management.
• Explain the enterprise desktop life-cycle model.
• Describe considerations for planning hardware strategies.
• Describe considerations for post-deployment and retirement.

Module 2: Explore Windows Editions

• Explain the differences between the different editions of Windows.
• Select the most suitable Windows device for your needs.
• Describe the minimum recommended hardware requirements for installing Windows 11.

Module 3: Understand Microsoft Entra ID

• Describe Microsoft Entra ID.
• Compare Microsoft Entra ID to Active Directory Domain Services (AD DS).
• Describe how Microsoft Entra ID is used as a directory for cloud apps.
• Describe Microsoft Entra ID P1 and P2.
• Describe Microsoft Entra Domain Services.

Module 4: Manage Microsoft Entra identities

• Describe RBAC and user roles in Microsoft Entra ID.
• Create and manage users in Microsoft Entra ID.
• Create and manage groups in Microsoft Entra ID.
• Use Windows PowerShell cmdlets to manage Microsoft Entra ID.
• Describe how you can synchronize objects from AD DS to Microsoft Entra ID.

Module 5: Manage device authentication

• Describe Azure AD join.
• Describe Azure AD join prerequisites, limitations, and benefits.
• Join device to Azure AD.
• Manage devices joined to Azure AD.

Module 6: Enroll devices using Microsoft Configuration Manager

• Describe Microsoft Endpoint Manager.
• Understand the advantages of managing a client with Configuration Manager.
• Deploy the Configuration Manager client.
• Monitor the Configuration Manager client.
• Manage Configuration Manager devices.

Module 7: Enroll devices using Microsoft Intune

• Prepare Microsoft Intune for device enrollment.
• Configure Microsoft Intune for automatic enrollment.
• Explain how to enroll Windows, Android, and iOS devices in Intune.
• Explain when and how to use Intune Enrollment Manager.
• Understand how to monitor and perform remote actions on enrolled devices

Module 8: Execute device profiles

• Describe the various types of device profiles in Intune.
• Explain the difference between built-in and custom profiles.
• Create and manage profiles.

Module 9: Oversee device profiles

• Monitor the assignments of profiles.
• Understand how profiles are synchronized and how to manually force synchronization.
• Use PowerShell to execute and monitor scripts on devices.

Module 10: Maintain user profiles

• Explain the various user profile types that exist in Windows.
• Describe how a user profile works.
• Configure user profiles to conserve space.
• Explain how to deploy and configure Folder Redirection.
• Explain Enterprise State Roaming.
• Configure Enterprise State Roaming for Azure AD devices.

Module 11: Execute mobile application management

• Explain Mobile Application Management
• Understand application considerations in MAM
• Explain how to use Configuration Manager for MAM
• Use Intune for MAM
• Implement and manage MAM policies

Module 12: Deploy and update applications

• Explain how to deploy applications using Intune and Configuration Manager
• Learn how to deploy applications using Group Policy
• Understand Microsoft Store Apps
• Learn how to deploy apps using Microsoft Store Apps
• Learn how to configure Microsoft Store Apps

Module 13: Administer endpoint applications

• Explain how to manage apps in Intune
• Understand how to manage apps on non-enrolled devices
• Understand how to deploy Microsoft 365 Apps using Intune
• Learn how to configure and manage IE mode in Microsoft Edge
• Learn about app inventory options in Intune

Module 14: Protect identities in Microsoft Entra ID

• Describe Windows Hello for Business
• Describe Windows Hello deployment and management
• Describe Microsoft Entra ID Protection
• Describe and manage self-service password reset in Microsoft Entra ID
• Describe and manage multi-factor authentication

Module 15: Enable organizational access

• Describe how you can access corporate resources
• Describe VPN types and configuration
• Describe Always On VPN
• Describe how to configure Always On VPN

Module 16: Implement device compliance

• Describe the device compliance policy
• Deploy a device compliance policy
• Describe conditional access
• Create conditional access policies

Module 17: Generate inventory and compliance reports

• Generate inventory reports and Compliance reports using Microsoft Intune
• Report and monitor device compliance
• Create custom reports using the Intune Data Warehouse
• Use the Microsoft Graph API for building custom reports

Module 18: Deploy device data protection

• Describe Windows Information Protection
• Plan for Windows Information Protection usage
• Implement and use Windows Information Protection
• Describe the Encrypting File System (EFS)
• Describe BitLocker

Module 19: Manage Microsoft Defender for Endpoint

• Describe Microsoft Defender for Endpoint
• Describe key capabilities of Microsoft Defender for Endpoint
• Describe Microsoft Defender Application Guard
• Describe Microsoft Defender Exploit Guard
• Describe Windows Defender System Guard

Module 20: Manage Microsoft Defender in Windows client

• Describe Windows Security capabilities
• Describe Windows Defender Credential Guard
• Manage Microsoft Defender Antivirus
• Manage Windows Defender Firewall
• Manage Windows Defender Firewall with Advanced Security

Module 21: Manage Microsoft Defender for Cloud Apps

• Describe Microsoft Defender for Cloud Apps
• Plan for Microsoft Defender for Cloud Apps usage
• Implement and use Microsoft Defender for Cloud Apps

Module 22: Assess deployment readiness

• Describe the guidelines for an effective enterprise desktop deployment.
• Explain how to assess the current environment.
• Describe the tools that you can use to assess your current environment.
• Describe the methods of identifying and mitigating application compatibility issues.
• Explain considerations for planning a phased rollout.

Module 23: Deploy using the Microsoft Deployment Toolkit

• Describe the fundamentals of using images in traditional deployment methods.
• Describe the key benefits, limitations, and decisions when planning a deployment of – Windows using Microsoft Deployment Toolkit (MDT).
• Describe how Configuration Manager builds upon MDT and how both can work in harmony.
• Explain the different options and considerations when choosing the user interaction experience during deployment, and which methods and tools support these experiences.

Module 24: Deploy using Microsoft Configuration Manager

• Describe the capabilities of Configuration Manager.
• Describe the key components of Configuration Manager.
• Describe how to troubleshoot Configuration Manager deployments.

Module 25: Deploy Devices using Windows Autopilot

• Explain the benefits of modern deployment for new devices.
• Describe the process of preparing for an Autopilot deployment.
• Describe the process of registering devices in Autopilot.
• Describe the different methods and scenarios of Autopilot deployments.
• Describe how to troubleshoot common Autopilot issues.
• Describe the process of deployment using traditional methods.

Module 26: Implement dynamic deployment methods

• Describe how Subscription Activation works.
• Describe the benefits of Provisioning Packages.
• Explain how Windows Configuration Designer creates Provisioning Packages.
• Describe the benefits of using MDM enrollment with Azure AD join.

Module 27: Plan a transition to modern endpoint management

• Identify usage scenarios for Azure AD join.
• Identify workloads that you can transition to Intune.
• Identify prerequisites for co-management.
• Identify considerations for transitioning to modern management.
• Plan a transition to modern management using existing technologies.
• Plan a transition to modern management using Microsoft Intune.

Module 28: Manage Windows 365

• Describe the key features of Windows 365
• Describe the Windows 365 management experience
• Describe the Windows 365 security model
• Describe the Windows 365 deployment options
• Describe the Windows 365 licensing model

Module 29: Manage Azure Virtual Desktop

• Describe the key features of Azure Virtual Desktop
• Describe the Azure Virtual Desktop management experience
• Describe the Azure Virtual Desktop security model
• Describe the Azure Virtual Desktop deployment options