Module 8: Prepare for device management in Microsoft 365
Module agenda
- Explore Co-management of Windows 10 devices
- Prepare your Windows 10 devices for Co-management
- Transition from Configuration Manager to Intune
- Examine the Microsoft Store for Business
- Lab 8, Exercises 1 and 2 – Implement the Microsoft Store for Business
- Plan for application management

Lesson 1: Explore Co-management of Windows 10 devices
Introduction
- Windows devices were traditionally managed in on-premises domain environments by using Group Policy and Configuration Manager
- With the introduction of cloud computing and Software-as-a-Service (SaaS) offerings, many companies are moving their services and applications to the cloud

Explore Co-management of Windows 10 devices
- Co-management is the integration between Configuration Manager and Microsoft Intune, which enables a Windows 10 device to be managed by both at the same time
- Configuration Manager and Microsoft Intune are now unified under Microsoft Endpoint Manager
- Endpoint Manager is a unified platform that includes Configuration Manager, Intune, Desktop Analytics, and Co-management
- Co-management provides the ability to continue using traditional management (Configuration Manager), but also benefit from modern management (Intune)

Explore Co-management of Windows 10 devices (continued)
- Key benefits of implementing Co-management include:
  - Compliance policies and Conditional Access
  - A wide variety of real-time actions
  - Reduced provisioning costs
  - Anti-virus protection
  - Update management from the cloud
  - Remote control of your Windows devices

Plan your Co-management strategy
- Co-management enables companies to take advantage of the new features and capabilities, such as compliance policies, selective wipe, and provisioning new Windows 10 devices
[Diagram: paths to Co-management for Configuration Manager managed devices, Intune managed devices, and new devices (Windows AutoPilot); a co-managed device has the ConfigMgr agent and Intune MDM and is AD Domain Joined and AAD Joined]

Manage devices using Configuration Manager
- Configuration Manager (Current Branch) provides a unified management console with an automated set of administrative tools to deploy software, protect data, monitor health, and enforce compliance across all devices in an organization
- Configuration Manager includes the following features:
  - Asset management
  - Change management
  - Administrative features
- Configuration Manager (Current Branch) can be integrated with cloud services such as Microsoft 365, Intune, and Microsoft Store for Business

Enable Co-management by using Azure Active Directory
- If you want to enable co-management, your company must use Azure Active Directory (Azure AD)
- Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service that combines core directory services, application access management, and identity protection into a single solution
- Azure AD is available in three editions:
  - Azure Active Directory Basic
  - Azure Active Directory Premium P1
  - Azure Active Directory Premium P2
[Diagram: Microsoft Azure Active Directory linking on-premises and other directories to SaaS, public cloud and cloud applications, with simple connection, self-service and single sign-on]

Knowledge Check
- Test your knowledge of this lesson by reviewing the Knowledge Check questions in your student manual

Summary
- In this lesson you examined the following items:
  - Windows devices were traditionally managed in on-premises domain environments by using Group Policy and Configuration Manager
  - With the introduction of cloud computing and Software-as-a-Service (SaaS) offerings, many companies are moving their services and applications to the cloud
- You learned how to:
  - Plan your Co-management strategy
  - Manage devices using Configuration Manager
  - Enable Co-management by using Azure Active Directory

Lesson 2: Prepare your Windows 10 devices for Co-management
Introduction
- There are two ways to prepare the Windows 10 devices in your existing environment for Co-management:
  - If your devices are currently managed by Configuration Manager but not yet by Intune, you must enroll them to Intune
  - If your devices are currently managed by Intune but not yet by Configuration Manager, you must install the Configuration Manager client on the devices
- New devices can include the Configuration Manager client, and they can be automatically enrolled to Intune during deployment

Explore the prerequisites for using Co-management
- To be able to configure Co-management, your infrastructure must include the following features:
  - On-premises AD DS, which is synced with Azure AD
  - Configuration Manager (Current Branch) version 1709 or newer
  - Intune (either separate subscription or part of Enterprise Mobility + Security (EM+S))
- Co-management can be used only with devices that meet the following prerequisites:
  - The device must be running Windows 10 version 1709 (Fall Creators Update) or newer
  - The device must be joined to on-premises AD DS and to Azure AD
  - The user of the device must be assigned an Intune license

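An added example, not part of the course material: a PowerShell pre-check of the device-side prerequisites listed above, run locally on a Windows 10 device. The build number 16299 for version 1709, the `dsregcmd /status` field names and the `CcmExec` service name are standard Windows values, not values taken from this page; the user's Intune license cannot be checked on the device and is left out.

```powershell
# Added example: local pre-check of the device prerequisites for Co-management.
# Assumptions (not from the course text): build 16299 = Windows 10 version 1709,
# dsregcmd prints "DomainJoined"/"AzureAdJoined" fields, ConfigMgr client = CcmExec.

$MinBuild = 16299   # Windows 10 version 1709 (Fall Creators Update)

function Get-DsRegState {
    # dsregcmd /status prints "Key : Value" lines; collect them in a hashtable.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-CoManagementDevicePrereq {
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
    $join  = Get-DsRegState
    $ccm   = Get-Service -Name CcmExec -ErrorAction SilentlyContinue

    # One entry per device prerequisite; a missing dsregcmd field counts as "not met".
    $checks = [ordered]@{
        'Windows 10 version 1709 or newer' = $build -ge $MinBuild
        'Joined to on-premises AD DS'      = $join['DomainJoined'] -eq 'YES'
        'Joined to Azure AD'               = $join['AzureAdJoined'] -eq 'YES'
    }
    $missing = @($checks.Keys | Where-Object { -not $checks[$_] })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OsBuild            = $build
        ConfigMgrClient    = $null -ne $ccm      # informational: client installed?
        MeetsPrerequisites = $missing.Count -eq 0
        Missing            = $missing -join '; '
    }
}

Test-CoManagementDevicePrereq | Format-List
```

A device that reports `MeetsPrerequisites : False` lists the unmet items in `Missing`, which is the input you need before adding it to a pilot collection.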
Discussion – Prerequisites for Using Co-management
- Discuss the following questions regarding Co-management prerequisites within your organizations:
  - Could you configure co-management in your current company environment?
  - Would you need to perform any actions or implement additional product(s) before you could implement Co-management?
  - Could you use Co-management with all your company devices?
- 15 minutes…Go!

Configure Configuration Manager for Co-management
- You can enable Co-management in the Configuration Manager console by running the Co-management Configuration Wizard
- You can configure the following settings in the wizard:
  - Automatic enrollment in Intune
  - Workloads
  - Roll-out collections

Enroll Windows 10 Devices to Intune
- Windows 10 devices can be co-managed if they are managed by Configuration Manager and enrolled to Intune
- To be managed by Configuration Manager, you must install the Configuration Manager client on a device. The client can be installed in several different ways:
  - Client push installation
  - Software update point-based installation
  - Group policy installation
  - Logon script installation
  - Manual installation
  - Microsoft Intune MDM installation

Knowledge Check
- Test your knowledge of this lesson by reviewing the Knowledge Check questions in your student manual

Summary
- In this lesson you examined the following items:
  - There are two ways to prepare the Windows 10 devices in your existing environment for Co-management:
    - If your devices are currently managed by Configuration Manager but not yet by Intune, you must enroll them to Intune
    - If your devices are currently managed by Intune but not yet by Configuration Manager, you must install the Configuration Manager client on the devices
  - New devices can include the Configuration Manager client, and they can be automatically enrolled to Intune during deployment

Lesson 3: Transition from Configuration Manager to Intune
Introduction
- Transition from traditional to modern management is a lengthy process
- Co-management is often the first step of the transition
- When you enable co-management, you can start using it on just a few pilot devices

Modify your Co-management settings
- When your infrastructure meets the prerequisites, you can enable Co-management without introducing any changes in the way that devices are managed
- You can enable Co-management for all Configuration Manager managed devices or for a subset of those devices
- After you enable Co-management, you can use the Configuration Manager console to modify the Co-management settings
- You can modify the following Co-management settings:
  - Pilot collection
  - Automatic enrollment in Intune
  - Workloads

Transfer workload management from Configuration Manager to Intune
- With co-management, you can control who manages the following workloads:
  - Compliance policies
  - Resource access policies
  - Windows Update policies
  - Endpoint Protection
- You can also configure where every workload will be managed:
  - Configuration Manager
  - Pilot Intune
  - Intune

Monitor your Co-management solution
- You can use the Co-management dashboard in the Configuration Manager console to provide you with information about co-management
- The dashboard helps you:
  - Review devices that are co-managed in your environment
  - Identify devices that need attention

Validate the compliance of your co-managed devices
- Before you can check whether devices are compliant, you must first define compliance policies
- Compliance policies are a set of device settings and configurations that devices must meet to be considered compliant
- You can configure compliance policies in Configuration Manager and Microsoft Intune
- After you create a compliance policy, you must assign it to one or more groups
- For devices that apply compliance policies from Configuration Manager, you can view compliance results in the Configuration Manager console

Knowledge Check
- Test your knowledge of this lesson by reviewing the Knowledge Check questions in your student manual

Summary
- In this lesson you examined the following items:
  - Transition from traditional to modern management is a lengthy process
  - Co-management is often the first step of the transition
  - When you enable co-management, you can start using it on just a few pilot devices

Lesson 4: Examine the Microsoft Store for Business
Introduction
- With Windows 10, Microsoft introduced the Microsoft Store for Business, which is meant for organizations of all sizes
- Microsoft Store for Business enables organizations to set up a private store, which is available only to company employees, and add modern Windows apps to that private store
- A private store can include publicly available, business-related apps that were purchased from the Microsoft Store for Business

Explore the Microsoft Store for Business
- Microsoft Store for Business is a cloud service; therefore, users must authenticate with an Azure AD account
- Microsoft Store for Business is available for free with the following benefits and features:
  - Scalable to fit the size of any organization
  - Uses a familiar infrastructure
  - Provides a private store
  - Bulk app acquisition
  - Centralized management
  - App license tracking and management
  - Flexible distribution options
  - Support for Line of business (LOB) apps
  - Up-to-date apps

Examine the prerequisites to using the Microsoft Store for Business
- To use Microsoft Store for Business, you must meet the following prerequisites:
  - Internet connectivity
  - Windows 10 devices
  - Windows Update service must be enabled
  - Supported web browser for administering Microsoft Store for Business
  - Azure AD account
- If your organization uses a management tool (such as Microsoft Intune or Configuration Manager) to distribute and manage apps, you can integrate the tool with the Microsoft Store for Business
- Connectors are available from Exchange and Microsoft Store for Business to Intune and Configuration Manager
- You must first sign up for the Microsoft Store for Business before you can start using it

Manage permissions and licensing to use the Microsoft Store for Business
- You can assign four roles to users to manage access to apps and to perform other tasks in the Microsoft Store for Business:
  - Admin
  - Purchaser
  - Basic purchaser
  - Device Guard signer
- Microsoft Store for Business supports two licensing models to license apps from the store:
  - Online licensing
  - Offline licensing

Add apps to your private store
- The private store is a feature in the Microsoft Store for Business that organizations receive during the sign-up process
- When administrators add apps to the private store, all employees in the organization can view and download the apps
- An organization's private store is available as a tab in the Microsoft Store for Business
- The private store is typically named after your organization
- Only apps with online licenses can be added to the private store. An app can be added:
  - When you acquire the app
  - Later, from your inventory

Knowledge Check
- Test your knowledge of this lesson by reviewing the Knowledge Check questions in your student manual

Summary
- In this lesson you examined the following items:
  - With Windows 10, Microsoft introduced the Microsoft Store for Business, which is meant for organizations of all sizes
  - Microsoft Store for Business enables organizations to set up a private store, which is available only to company employees, and add modern Windows apps to that private store
  - A private store can include publicly available, business-related apps that were purchased from the Microsoft Store for Business

Lab 8 – Implement the Microsoft Store for Business
Lab exercises
- Exercise 1: Configure the Microsoft Store for Business
  - Task 1: Sign up for Microsoft Store for Business and perform initial configuration
- Exercise 2: Manage the Microsoft Store for Business
  - Task 1: Add apps to your private store
  - Task 2: View your private store as a company employee

Lesson 5: Plan for application management
Introduction
- Many companies are still using traditional Win32 apps, also called desktop apps, on their Windows devices
- On Windows 10 devices you can also run Microsoft Store apps and Universal Windows Platform (UWP) apps
- Traditional application management:
  - Win32
  - Kerberos/NTLM auth.
  - Configuration Manager app deployment
- Modern application management:
  - Microsoft Store for Business + Web/SaaS applications
  - Azure AD
  - Intune app deployment

Protect company data by using app protection policies
- Mobile Application Management (MAM) is a suite of management features that enables you to publish, push, configure, secure, monitor, and update mobile apps
- MAM is configured in Intune by using app protection policies
- The benefits of using App protection policies include:
  - Protecting your company data at the app level
  - End-user productivity is not impacted, and the policies are not applied when using the app in a personal context
- App protection policies can be applied to mobile apps on iOS and Android devices that support MAM

Explore app management using Configuration Manager
- Configuration Manager is the recommended tool for deploying and managing desktop apps, and it can also be used for deploying Microsoft Store apps
- In Configuration Manager, you can deploy apps by configuring applications or by using the traditional method of configuring packages and programs (for example, by creating an MSIX package)
- Configuration Manager must be connected to Intune to be able to manage mobile apps
- To apply restrictions to an app, the app must incorporate the Microsoft Intune App Software Development Kit (SDK)

Explore app management using Intune
- You can use Intune for managing the lifecycle of traditional desktop apps, as well as modern Microsoft Store apps
- You can assign and manage apps on Intune enrolled devices, as well as on devices that are not enrolled to Intune
- Intune MAM supports two configurations:
  - Intune MDM + MAM
  - MAM without device enrollment
- App lifecycle: Add, Deploy, Configure, Protect, Retire

Explore app management using Azure AD
- Azure AD provides the following benefits for application management:
  - Application authentication and authorization
  - User authentication and authorization
  - SSO using password synchronization
  - User provisioning and synchronization
  - Role-based access control
  - Application publishing and proxy

Knowledge Check
- Test your knowledge of this lesson by reviewing the Knowledge Check questions in your student manual

Summary
- In this lesson, you examined the following items:
  - Many companies are still using traditional Win32 apps, also called desktop apps, on their Windows devices
  - On Windows 10 devices you can also run Microsoft Store apps and Universal Windows Platform (UWP) apps
- You learned how to manage apps using:
  - Configuration Manager
  - Intune
  - Azure AD

Lesson 6: Module Review
Discussion – Module Review
- What are your key takeaways from this module, and why?
- What are the key features discussed in this module that you foresee implementing at your organization?