MS-MD102T00: Microsoft 365 Endpoint Administrator

This module covers modern endpoint management and enterprise desktop lifecycle concepts. It teaches the stages of the lifecycle (planning, deployment, maintenance) and provides a foundation for future learning.

Lessons

- Introduction

- Examine benefits of modern management

- Examine the enterprise desktop life-cycle model

- Examine planning and purchasing

- Examine desktop deployment

- Plan an application deployment

- Plan for upgrades and retirement

- Knowledge check

By the end of this module, you'll be able to:

- Describe the benefits of Modern Management.

- Explain the enterprise desktop life-cycle model.

- Describe considerations for planning hardware strategies.

- Describe considerations for post-deployment and retirement.

This module covers Windows OS editions, features, and installation methods. Learners gain a deeper understanding of the available editions and corresponding installation processes.

Lessons

- Introduction

- Examine Windows client editions and capabilities

- Select client edition

- Examine hardware requirements

- Knowledge check

By the end of this module, you'll be able to:

- Explain the differences between the different editions of Windows.

- Select the most suitable Windows device for your needs.

- Describe the minimum recommended hardware requirements for installing Windows 11.

This module explains Microsoft Entra ID. You'll compare Microsoft Entra ID to Active Directory DS, learn about Microsoft Entra ID P1 and P2, and explore Microsoft Entra Domain Services for managing domain-joined devices and apps in the cloud.

Lessons

- Introduction

- Examine Microsoft Entra ID

- Compare Microsoft Entra ID and Active Directory Domain Services

- Examine Microsoft Entra ID as a directory service for cloud apps

- Compare Microsoft Entra ID P1 and P2 plans

- Examine Microsoft Entra Domain Services

- Knowledge check

By the end of this module, you'll be able to:

- Describe Microsoft Entra ID.

- Compare Microsoft Entra ID to Active Directory Domain Services (AD DS).

- Describe how Microsoft Entra ID is used as a directory for cloud apps.

- Describe Microsoft Entra ID P1 and P2.

- Describe Microsoft Entra Domain Services.

This module teaches how to use Microsoft Entra ID effectively. You'll learn about RBAC, user roles, creating and managing users and groups, using PowerShell cmdlets, and synchronizing objects from AD DS to Microsoft Entra ID.

Lessons

- Introduction

- Examine RBAC and user roles in Microsoft Entra ID

- Create and manage users in Microsoft Entra ID

- Create and manage groups in Microsoft Entra ID

- Manage Microsoft Entra objects with Microsoft Graph PowerShell

- Synchronize objects from AD DS to Microsoft Entra ID

- Knowledge check

By the end of this module, you'll be able to:

- Describe RBAC and user roles in Microsoft Entra ID.

- Create and manage users in Microsoft Entra ID.

- Create and manage groups in Microsoft Entra ID.

- Use Windows PowerShell cmdlets to manage Microsoft Entra ID.

- Describe how you can synchronize objects from AD DS to Microsoft Entra ID.

In this module, you learn about device authentication and management in Microsoft Entra ID.

Lessons

- Introduction

- Describe Microsoft Entra join

- Examine Microsoft Entra join prerequisites limitations and benefits

- Join devices to Microsoft Entra ID

- Manage devices joined to Microsoft Entra ID

- Knowledge check

By the end of this module, you'll be able to:

- Describe Microsoft Entra join.

- Describe Microsoft Entra join prerequisites, limitations, and benefits.

- Join device to Microsoft Entra ID.

- Manage devices joined to Microsoft Entra ID.

This module introduces students to client deployment options and some of the high-level management and monitoring options that are available using Configuration Manager.

Lessons

- Introduction

- Deploy the Microsoft Configuration Manager client

- Monitor the Microsoft Configuration Manager client

- Manage the Microsoft Configuration Manager client

- Knowledge check

By the end of this module, you'll be able to:

- Describe Microsoft Endpoint Manager.

- Understand the advantages of managing a client with Configuration Manager.

- Deploy the Configuration Manager client.

- Monitor the Configuration Manager client.

- Manage Configuration Manager devices.

Students will learn how to configure and setup Intune to more easily manage Windows, Android, and iOS devices.

Lessons

- Introduction

- Manage mobile devices with Intune

- Enable mobile device management

- Explain considerations for device enrolment

- Manage corporate enrollment policy

- Enroll Windows devices in Intune

- Enroll Android devices in Intune

- Enroll iOS devices in Intune

- Explore device enrollment manager

- Monitor device enrollment

- Manage devices remotely

- Knowledge check

By the end of this module, you'll be able to:

- Prepare Microsoft Intune for device enrollment.

- Configure Microsoft Intune for automatic enrollment.

- Explain how to enroll Windows, Android, and iOS devices in Intune.

- Explain when and how to use Intune Enrollment Manager.

- Understand how to monitor and perform remote actions on enrolled devices.

Students learn about the various types of device profiles, and how to create and manage them.

Lessons

- Introduction

- Explore Intune device profiles

- Create device profiles

- Create a custom device profile

- Knowledge check

By the end of this module, you'll be able to:

- Describe the various types of device profiles in Intune.

- Explain the difference between built-in and custom profiles.

- Create and manage profiles.

This module introduces students to monitoring profiles to ensure correct assignments and resolving conflicts when multiple profiles are applied.

Lessons

- Introduction

- Monitor device profiles in Intune

- Manage device sync in Intune

- Manage devices in Intune using scripts

- Knowledge check

By the end of this module, you'll be able to:

- Monitor the assignments of profiles.

- Understand how profiles are synchronized and how to manually force synchronization.

- Use PowerShell to execute and monitor scripts on devices.

Students learn about the benefits of various Windows user profiles, how to manage them, and how to facilitate profile data synchronization across multiple devices.

Lessons

- Introduction

- Examine user profile

- Explore user profile types

- Examine options for minimizing user profile size

- Deploy and configure folder redirection

- Sync user state with Enterprise State Roaming

- Configure Enterprise State Roaming in Azure

- Knowledge check

By the end of this module, you'll be able to:

- Explain the various user profile types that exist in Windows.

- Describe how a user profile works.

- Configure user profiles to conserve space.

- Explain how to deploy and configure Folder Redirection.

- Explain Enterprise State Roaming.

- Configure Enterprise State Roaming for Azure AD devices.

This module introduces Mobile Application Management (MAM). Students will learn about considerations for implementing MAM and will be introduced to the management of MAM using Intune and Configuration Manager.

Lessons

- Introduction

- Examine mobile application management

- Examine considerations for mobile application management

- Prepare line-of-business apps for app protection policies

- Implement mobile application management policies in Intune

- Manage mobile application management policies in Intune

- Knowledge check

By the end of this module, you'll be able to:

- Explain Mobile Application Management.

- Understand application considerations in MAM.

- Explain how to use Configuration Manager for MAM.

- Use Intune for MAM.

- Implement and manage MAM policies.

In this module, you'll master deploying applications using Intune, Configuration Manager, Group Policy, and Microsoft Store Apps. These powerful tools and techniques will equip you to manage and maintain diverse applications across your organization effectively.

Lessons

- Introduction

- Deploy applications with Intune

- Add apps to Intune

- Manage Win32 apps with Intune

- Deploy applications with Configuration Manager

- Deploying applications with Group Policy

- Assign and publish software

- Explore Microsoft Store for Business

- Implement Microsoft Store Apps

- Update Microsoft Store Apps with Intune

- Assign apps to company employees

- Knowledge check

By the end of this module, you'll be able to:

- Explain how to deploy applications using Intune and Configuration Manager.

- Learn how to deploy applications using Group Policy.

- Understand Microsoft Store Apps.

- Learn how to deploy apps using Microsoft Store Apps.

- Learn how to configure Microsoft Store Apps.

In this module, you're introduced to managing apps on Intune managed devices. The module will then conclude with an overview of how to use IE Mode with Microsoft Edge.

Lessons

- Introduction

- Manage apps with Intune

- Manage Apps on non-enrolled devices

- Deploy Microsoft 365 Apps with Intune

- Additional Microsoft 365 Apps Deployment Tools

- Configure Microsoft Edge Internet Explorer mode

- App Inventory Review

- Knowledge check

By the end of this module, you'll be able to:

- Explain how to manage apps in Intune.

- Understand how to manage apps on nonenrolled devices.

- Understand how to deploy Microsoft 365 Apps using Intune.

- Learn how to configure and manage IE mode in Microsoft Edge.

- Learn about app inventory options in Intune.

This module introduces students to the various authentication methods used to protect identities.

Lessons

- Introduction

- Explore Windows Hello for Business

- Deploy Windows Hello

- Manage Windows Hello for Business

- Explore Microsoft Entra ID Protection

- Manage self-service password reset in Microsoft Entra ID

- Implement multi-factor authentication

- Knowledge check

By the end of this module, you'll be able to:

- Describe Windows Hello for Business.

- Describe Windows Hello deployment and management.

- Describe Microsoft Entra ID Protection.

- Describe and manage self-service password reset in Microsoft Entra ID.

- Describe and manage multi-factor authentication.

This module describes how clients can be configured to access organizational resources using a virtual private network (VPN).

Lessons

- Introduction

- Enable access to organization resources

- Explore VPN types and configuration

- Explore Always On VPN

- Deploy Always On VPN

- Knowledge check

By the end of this module, you'll be able to:

- Describe how you can access corporate resources

- Describe VPN types and configuration

- Describe Always On VPN 

- Describe how to configure Always On VPN

This module describes how to use compliance and conditional access policies to help protect access to organizational resources.

Lessons

- Introduction

- Protect access to resources using Intune

- Explore device compliance policy

- Deploy a device compliance policy

- Explore conditional access

- Create conditional access policies

- Knowledge check

By the end of this module, you'll be able to:

- Describe device compliance policy

- Deploy a device compliance policy

- Describe conditional access

- Create conditional access policies

This module describes how to use Microsoft Endpoint Manager and Power BI to create compliance and custom reports.

Lessons

- Introduction

- Report enrolled devices inventory in Intune

- Monitor and report device compliance

- Build custom Intune inventory reports

- Access Intune using Microsoft Graph API

- Knowledge check

- Summary

By the end of this module, you'll be able to:

- Generate inventory reports and Compliance reports using Microsoft Intune

- Report and monitor device compliance

- Create custom reports using the Intune Data Warehouse

- Use the Microsoft Graph API for building custom reports

This module describes how you can use Intune to create and manage WIP policies that manage this protection. The module also covers implementing BitLocker and Encrypting File System.

Lessons

- Introduction

- Explore Windows Information Protection

- Plan Windows Information Protection

- Implement and use Windows Information Protection

- Explore Encrypting File System in Windows client

- Explore BitLocker

- Knowledge check

- Summary

By the end of this module, you'll be able to:

- Describe Windows Information Protection

- Plan for Windows Information Protection usage

- Implement and use Windows Information Protection

- Describe the Encrypting File System (EFS)

- Describe BitLocker

This module explores using Microsoft Defender for Endpoint to provide additional protection and monitor devices against threats.

Lessons

- Introduction

- Explore Microsoft Defender for Endpoint

- Examine key capabilities of Microsoft Defender for Endpoint

- Explore Windows Defender Application Control and Device Guard

- Explore Microsoft Defender Application Guard

- Examine Windows Defender Exploit Guard

- Explore Windows Defender System Guard

- Knowledge check

By the end of this module, you'll be able to:

- Describe Microsoft Defender for Endpoint.

- Describe key capabilities of Microsoft Defender for Endpoint.

- Describe Microsoft Defender Application Guard.

- Describe Microsoft Defender Exploit Guard.

- Describe Windows Defender System Guard.

This module explains the built-in security features of Windows clients and how to implement them using policies.

Lessons

- Introduction

- Explore Windows Security Center

- Explore Windows Defender Credential Guard

- Manage Microsoft Defender Antivirus

- Manage Windows Defender Firewall

- Explore Windows Defender Firewall with Advanced Security

- Knowledge check

By the end of this module, you'll be able to:

- Describe Windows Security capabilities

- Describe Windows Defender Credential Guard

- Manage Microsoft Defender Antivirus

- Manage Windows Defender Firewall

- Manage Windows Defender Firewall with Advanced Security

This module covers Microsoft Defender for Cloud Apps, focusing on securing sensitive data, its relevance in dynamic work settings, and effective utilization for improved security posture.

Lessons

- Introduction

- Explore Microsoft Defender for Cloud Apps

- Planning Microsoft Defender for Cloud Apps

- Implement Microsoft Defender for Cloud Apps

- Knowledge check

By the end of this module, you'll be able to:

- Describe Microsoft Defender for Cloud Apps

- Plan for Microsoft Defender for Cloud Apps usage

- Implement and use Microsoft Defender for Cloud Apps

Discusses some of the tools that you can use to perform detailed assessments of existing deployments and describes some of the challenges that you may face.

Lessons

- Introduction

- Examine deployment guidelines

- Explore readiness tools

- Assess application compatibility

- Explore tools for application compatibility mitigation

- Prepare network and directory for deployment

- Plan a pilot

- Knowledge check

By the end of this module, you'll be able to:

- Describe the guidelines for an effective enterprise desktop deployment.

- Explain how to assess the current environment.

- Describe the tools that you can use to assess your current environment.

- Describe the methods of identifying and mitigating application compatibility issues.

- Explain considerations for planning a phased rollout.

Discusses the shifts from traditional to modern management and where on-premises solutions best fit in today’s enterprise.

Lessons:

- Introduction

- Evaluate traditional deployment methods

- Set up the Microsoft Deployment Toolkit for client deployment

- Manage and deploy images using the Microsoft Deployment Toolkit

- Knowledge check

By the end of this module, you'll be able to:

- Describe the fundamentals of using images in traditional deployment methods.

- Describe the key benefits, limitations, and decisions when planning a deployment of - Windows using Microsoft Deployment Toolkit (MDT).

- Describe how Configuration Manager builds upon MDT and how both can work in harmony.

- Explain the different options and considerations when choosing the user interaction experience during deployment, and which methods and tools support these experiences.

This module explains the common day to day tasks that Administrators would use Configuration Manager to perform.

Lessons:

- Introduction

- Explore client deployment using Configuration Manager

- Examine deployment components of Configuration Manager

- Manage client deployment using Configuration Manager

- Plan in-place upgrades using Configuration Manager

- Knowledge check

By the end of this module, you'll be able to:

- Describe the capabilities of Configuration Manager.

- Describe the key components of Configuration Manager.

- Describe how to troubleshoot Configuration Manager deployments.

Use Autopilot to deploy new hardware or refreshing an existing hardware with the organization’s desired configuration, without using the traditional imaging process.

Lessons

- Introduction

- Use Autopilot for modern deployment

- Examine requirements for Windows Autopilot

- Prepare device IDs for Autopilot

- Implement device registration and out-of-the-box customization

- Examine Autopilot scenarios

- Troubleshoot Windows Autopilot

- Knowledge check

By the end of this module, you'll be able to:

- Explain the benefits of modern deployment for new devices.

- Describe the process of preparing for an Autopilot deployment.

- Describe the process of registering devices in Autopilot.

- Describe the different methods and scenarios of Autopilot deployments.

- Describe how to troubleshoot common Autopilot issues.

- Describe the process of deployment using traditional methods.

Use dynamic provisioning methods such as Subscription Activation, Provisioning packages, and Microsoft Entra join to reconfigure an existing operating system.

Lessons

- Introduction

- Examine subscription activation

- Deploy using provisioning packages

- Use Windows Configuration Designer

- Use Microsoft Entra join with automatic MDM enrollment

- Knowledge check

By the end of this module, you'll be able to:

- Describe how Subscription Activation works.

- Describe the benefits of Provisioning Packages.

- Explain how Windows Configuration Designer creates Provisioning Packages.

- Describe the benefits of using MDM enrolment with Microsoft Entra join.

Explore considerations and review the planning of transitioning to modern management, focusing on migration and newly provisioned devices.

Lessons

- Introduction

- Explore using co-management to transition to modern endpoint management

- Examine prerequisites for co-management

- Evaluate modern management considerations

- Evaluate upgrades and migrations in modern transitioning

- Migrate data when modern transitioning

- Migrate workloads when modern transitioning

- Knowledge check

By the end of this module, you'll be able to:

- Identify usage scenarios for Microsoft Entra join.

- Identify workloads that you can transition to Intune.

- Identify prerequisites for co-management.

- Identify considerations for transitioning to modern management.

- Plan a transition to modern management using existing technologies.

- Plan a transition to modern management using Microsoft Intune.

This module teaches managing Microsoft's cloud-based PC management solution, Windows 365, offering personalized, secure Windows 11 experience from any device. Learn features, setup, management, security, deployment options, and licensing to optimize your environment.

Lessons

- Introduction

- Explore Windows 365

- Configure Windows 365

- Administer Windows 365

- Knowledge check

By the end of this module, you'll be able to:

- Describe the key features of Windows 365.

- Describe the Windows 365 management experience.

- Describe the Windows 365 security model.

- Describe the Windows 365 deployment options.

- Describe the Windows 365 licensing model.

Learn to manage Azure Virtual Desktop, a cloud based VDI solution providing personalized, secure Windows 11 experiences. Understand key features, management, security, and deployment options for optimizing your environment.

Lessons

- Introduction

- Examine Azure Virtual Desktop

- Explore Azure Virtual Desktop

- Configure Azure Virtual Desktop

- Administer Azure Virtual Desktop

- Knowledge check

By the end of this module, you'll be able to:

- Describe the key features of Azure Virtual Desktop

- Describe the Azure Virtual Desktop management experience

- Describe the Azure Virtual Desktop security model

- Describe the Azure Virtual Desktop deployment options

This module explores the Microsoft Intune Suite, highlighting its advanced device management and security capabilities, components, usage, and integration with the broader Microsoft security ecosystem.

Lessons

- Introduction

- Discover essentials of Microsoft Intune Suite

- Applying Zero Trust security using the Microsoft Intune Suite

- Implement Endpoint Privilege Management

- Understand enterprise app management

- Explore Advanced Analytics

- Provide Remote Help

- Deploy Microsoft Tunnel for mobile applications

- Knowledge check

- Summary

By the end of this module, you'll be able to:

- Understand the core features of the Microsoft Intune Suite.

- Apply Zero Trust Security using Microsoft Intune.

- Implement Endpoint Privilege Management.

- Understand enterprise app management.

- Understand advanced analytics for device and app insights.

- Provide remote help to users.

- Understand what Microsoft Tunnel for mobile applications is.