Microsoft 365 Endpoint Administrator

Important - This course has MFA Requirements. Please read this link and download the MFA app, prior to attending.

Technical Experience: Candidates should have experience with Microsoft Entra ID (formerly Azure AD), Microsoft 365 technologies, and Intune. Familiarity with managing Windows and non-Windows devices is essential.

Knowledge Areas:

• Device management and client networking.
• Policy-based management.
• Cloud-based solutions.
• Basic understanding of Active Directory, DNS, and PowerShell.

Target Audience

This course is designed for IT professionals who are responsible for managing, configuring, and securing devices in a Microsoft 365 environment. Typical roles include:

• Endpoint Administrators.
• Microsoft 365 Administrators.
• IT Managers and Support Technicians.
• Security and Identity Administrators.

Upon completion of this course, participants will be able to:

• Implement solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types.
• Implement and managing endpoints at scale by using Microsoft Intune, Microsoft Intune Suite, Windows Autopilot, Microsoft Copilot for Security, Microsoft Defender for Endpoint, Microsoft Entra ID, Azure Virtual Desktop, and Windows 365.
• Implement identity, security, access, policies, updates, and apps for endpoints.

Skills measured

• Prepare infrastructure for devices.
• Manage and maintain devices.
• Manage applications.
• Protect devices.

Course Introduction

• Overview of course objectives, student introductions, and key topics.
• Setting expectations and discussing the certification exam requirements.

Learning Path 1: Explore Modern Management

Module 1: Understanding Microsoft Entra ID

• Examine Microsoft Entra ID (formerly Azure AD).
• Compare Microsoft Entra ID and Active Directory Domain Services (AD DS).
• Examine Microsoft Entra ID as a directory service for cloud apps.
• Examine Microsoft Entra Domain Services.

Module 2: Managing Microsoft Entra ID Identities

• Create Role-Based Access Control (RBAC) and user roles in Microsoft Entra.
• Create and manage users in Microsoft Entra ID.
• Create and manage groups in Microsoft Entra ID.
• Manage Microsoft Entra ID objects with PowerShell.
• Synchronise objects from AD DS to Microsoft Entra ID.

Practice Labs: Explore Modern Management

• Manage Identities in Entra ID.
• Synchronising Identities by using Entra ID Connect.

Learning Path 2: Execute Device enrolment

Module 1: Manage device authentication

• Describe Microsoft Entra join.
• Examine Microsoft Entra join prerequisites.
• Join devices to Microsoft Entra.
• Manage devices joined to Microsoft Entra.

Module 2: Enrol devices using Microsoft Intune

• Manage mobile devices with Intune.
• Enable mobile device management.
• Explain considerations for device enrolment.
• Manage corporate enrolment policy.
• Enrol windows devices in Intune.
• Enrol Android devices in Intune.
• Explore device enrolment manager.
• Monitor device enrolment.
• Manage devices remotely.

Practice Lab: Execute Device enrolment

• Configure and manage Entra ID join.
• Manage Entra ID device registration.
• Manage device enrolment into Intune.
• Enrolling devices into Microsoft Intune

Learning Path 3: Configure profiles for users and devices

Module 1: Execute device profiles

• Explore Microsoft Intune profiles.
• Create device profiles.
• Create a custom device profile.

Module 2: Oversee device profiles

• Monitor devices profiles with Microsoft Intune.
• Manage device sync with Microsoft Intune.
• Manage device in Microsoft Intune using scripts.

Module 3: Maintain user profiles

• Examine user profiles.
• Explore user profile types.
• Examine options for minimising user profile types.
• Deploy and configure folder redirection.
• Sync user state with Enterprise State Roaming.
• Configure Enterprise State Roaming in Azure.

Practice Lab: Configure profiles for users and devices

• Create and deploy configuration profiles.
• Using profiles to configure Kiosk mode.
• Using configuration profiles to configure iOS and iPadOS Wi-Fi settings.
• Using group Policy Analytics to validate GPO support for Intune.
• Monitor device and user activity in Intune.

Learning Path 4: Examine application management

Module 1: Execute mobile application management

• Examine mobile application management.
• Examine considerations for mobile application management.
• Prepare line-of-business apps for app protection policies.
• Implement mobile application management policies in Intune.
• Manage mobile application management policies in Intune.

Module 2: Deploy and update applications

• Deploy applications with Intune.
• Add apps to Intune.
• Manage Win32 apps with Intune.
• Deploy applications with Microsoft Configuration Manager.
• Deploy applications with Group Policy.
• Assign and publish software.
• Explore Microsoft Store for Business.
• Implement Microsoft Store Apps.
• Update Microsoft Store Apps with Intune.
• Assign apps to company employees.

Module 3: Administer endpoint applications

• Manage apps with Intune.
• Manage apps on non-enrolled devices.
• Deploy Microsoft 365 Apps with Intune.
• Additional Microsoft 365 Apps deployment tools.
• Configure Microsoft Edge Internet Explorer mode.
• App inventory review.

Practice Lab: Examine application management

• Deploy cloud apps using Intune.
• Configure App Protection Policies for mobile devices.

Learning Path 5: Managing Authentication and Compliance

Module 1: Protect identities in Microsoft Entra

• Explore Windows Hello for Business.
• Deploy Windows Hello.
• Manage Windows Hello for Business.
• Explore Microsoft Entra identity Protection.
• Manage Self-Service Password Reset in Entra.
• Implement Multifactor Authentication.

Module 2: Enable Organisation access

• Enable access to organisation resources.
• Explore VPN types and configuration.
• Explore Always On VPN.
• Deploy Always On VPN.

Module 3: Implement device compliance

• Protect access to resources using Intune.
• Explore device compliance policy.
• Deploy a device compliance policy.
• Explore conditional access.
• Create conditional access polices.

Module 4: Create inventory and compliance reports

• Report enrolled devices inventory in Intune.
• Monitor and report device compliance.
• Build custom Intune inventory reports.
• Access Intune using Microsoft Graph API

Practice Lab: Managing Authentication and Compliance

• Configure Multifactor Authentication.
• Configure Self-Service Password Reset for user accounts in Microsoft Entra.
• Configuring and validating device compliance.
• Creating device inventory reports.

Learning Path 6: Manage endpoint security

Module 1: Deploy device data protection

• Explore Windows Information Protection.
• Plan Windows Information Protection.
• Implement and use Windows Information Protection.
• Explore Encrypting File System in Windows client.
• Explore BitLocker.

Module 2: Manage Microsoft Defender for Endpoint

• Explore Microsoft Defender for Endpoint.
• Examine key capabilities of Microsoft Defender for Endpoint.
• Explore Microsoft Defender Application Control and Device Guard.
• Explore Microsoft Defender Application Guard.
• Explore Microsoft Defender Exploit Guard.
• Explore Microsoft Defender System Guard.

Module 3: Manage Microsoft Defender for Windows client

• Explore Windows Security Center.
• Explore Windows Defender Credentials Guard.
• Manage Microsoft Defender Antivirus.
• Manage Windows Defender Firewall.
• Explore Windows Defender Firewall with Advance Security.

Module 4: Manage Microsoft Defender for Cloud Apps

• Explore Microsoft Defender for Cloud Apps.
• Planning Microsoft Defender for Cloud Apps.
• Implementing Microsoft Defender for Cloud Apps.

Practice Lab: Manage endpoint security

• Configure and deploy Windows Information Protection policies by using Intune.
• Configure endpoint security using Intune.
• Configuring disk encryption using Intune.

Learning Path 7: Deploying using on-premises based tools

Module 1: Assess deployment readiness

• Examine deployment guidelines.
• Explore readiness tools.
• Assess application compatibility.
• Explore tools for application compatibility mitigation.
• Prepare network and directory for deployment.
• Plan a pilot.

Module 2: Deploy using the Microsoft Deployment Toolkit

• Evaluate traditional deployment methods.
• Set up the Microsoft Deployment Toolkit for client deployment.
• Manage and deploy images using the Microsoft Deployment Toolkit.

Practice Labs: Deploying using on-premises based tools

• Deploying Windows 11 using Microsoft Deployment Toolkit.

Learning Path 8: Deploying using cloud-based tools

Module 1: Deploying devices using Windows Autopilot

• Use Autopilot for modern deployment.
• Examine requirements for Windows Autopilot.
• Prepare device IDs for Autopilot.
• Implement device registration and Out-Of-The-Box customisation.
• Examine Autopilot scenarios.
• Troubleshoot Windows Autopilot.

Module 2: Implementing dynamic deployment methods

• Examine subscription activation.
• Deploy using provisioning packages.
• Use windows Configuration Designer.
• Use Microsoft Entra join with automatic MDM enrollment

Module 3: Plan a transition to modern endpoint management

• Explore using co-management to transition to modern management.
• Examine prerequisites for co-management.
• Evaluate modern management considerations.
• Evaluate upgrades and migrations in modern transitioning.
• Migrate data when modern transitioning.
• Migrate workloads when modern transitioning.

Module 4: Manage Windows 365

• Explore Windows 365.
• Configure Windows 365.
• Administer Windows 365.

Module 5: Manage Azure Virtual Desktop

• Examine Azure Virtual Desktop.
• Explore Azure Virtual Desktop.
• Configure Azure Virtual Desktop.
• Administer Azure Virtual Desktop.

Module 6: Explore Microsoft Intune Suite

• Discover essentials of Microsoft Intune Suite.
• Applying Zero Trust Security using Microsoft Intune Suite.
• Implement Endpoint Privilege Management.
• Understanding enterprise app management.
• Explore advance analytics.
• Provide Remote Help.
• Deploy Microsoft Tunnel for Mobile applications.

Practice Labs: Deploying using cloud-based tools

• Deploying Windows 11 with Autopilot.
• Refreshing Windows with Autopilot Reset and Self-Deploying mode