Managing Modern Desktops (MD-101)

Explain co-management of Windows 10 devices using gp and mdm in a hybrid environment, and demonstrate precedence rules and the control policy conflict setting.

Understand migrating group policy to MDM policies with Intune in a hybrid co-management setup, using MMAT to compare settings and plan the migration from on-premises group policy to MDM.

Learn how conditional access works with compliance policies in Intune and Azure to gate cloud resources, enforce device standards like firewall, and manage BYOD scenarios.

Build and test conditional access by configuring device compliance policies, notifications, and locations in Intune, then apply Windows Defender settings and future conditional access policy blocks in Azure AD.

Learn to create conditional access policies that pair device compliance with grants or blocks on Azure resources using Intune, with terms of use and multi-factor authentication.

Plan, configure, and deploy device profiles with Intune, using pilot groups and assignments, monitor per-device or per-user policies, and resolve cross-platform conflicts.

Configure device configuration profiles in Intune, monitor deployments, and troubleshoot conflicts. View status by device, user, and per setting, and resolve conflicts to ensure correct policy application.

Manage user profiles with folder redirection, roaming profiles, and enterprise state roaming. Learn to configure group policy and network shares to provide per-user folders across machines.

Set up and test folder redirection and roaming profiles using group policy and AD, configure shares and permissions, and compare instant redirection with roaming behavior while noting offline file options.

Configure roaming user profiles and folder redirection to streamline logon and data access, and enable enterprise state roaming to synchronize settings across devices via Azure AD.

Discover how Windows Defender Application Guard isolates untrusted sites by running Edge in a Hyper-V container and supports standalone and enterprise modes with Group Policy, Local Policy, and Intune.

Explore Windows Defender Credential Guard, a virtualization-based security feature that isolates credentials in an isolated Local Security Authority to protect login data, deployable via Group Policy or Intune.

Protect devices from exploits by configuring Windows Defender Exploit Guard's four components: exploit protection, attack surface reduction, network protection, and control folder access, through Windows Security, group policy, and Intune.

Learn how to implement Windows Defender Exploit Guard, including attack surface reduction rules and exploit protection, using Intune, Group Policy, and PowerShell, with emphasis on GUIDs, audit mode, and exclusions.

Windows Defender Exploit Guard part 3 explores network protection, control folder access, and customization options, with methods via group policy, PowerShell, Intune, and Windows Security.

Explore Windows Defender application control, a whitelist-based security that protects system, kernel, and user modes, supports audit mode, and guides policy creation and deployment via group policy.

Learn to create and merge device guard policies using Windows Defender Application Control, run in audit mode to harvest blocked items, then enforce a single merged policy with binary deployment.

Discover windows defender antivirus, built into windows 10 and managed with windows security, with real-time protection, updates via windows update, cloud delivered protection, and automatic sample submission, flexible scan options.

Enable device enrollment by setting Intune as the mobile device management authority in Azure Active Directory, assigning licenses to users, and selecting supported platforms, with enrollment restrictions.

Discover how to implement Intune and Azure Active Directory terms of use for device enrollment and access control. Create multi-language terms, deploy via conditional access, and manage user consent.

Explore how Intune enrollment restrictions control device type and device limit, apply platform and version filters, and assign policies to groups in the Azure portal.

Learn how to create and use Intune device categories to automatically assign devices to dynamic groups in Azure Active Directory, enabling category-based policies for iOS, Android, and Windows enrollments.

Identify corporate devices in Intune using imei numbers or serial numbers, import a csv or enter data manually, and enforce enrollment rules for corporate versus personal devices.

Configure a device enrollment manager in Intune to enroll up to 1,000 devices without user affinity using a licensed generic account; note each device requires an Intune license.

Enable automatic enrollment of Windows devices via Microsoft Intune and configure MDM scope. Create DNS CNAME records for enterprise enrollment and enterprise registration to simplify enrollment for roaming users.

Enroll Apple devices with Intune by obtaining an Apple MDM Push certificate, generating and uploading a CSR, then using Apple configurator or BYOD with the company portal.

Enroll Apple devices part two guides enrolling macOS devices in Intune, including Apple MDM push certificate setup and portal, noting macOS apps cannot be deployed yet but devices are manageable.

Enroll Android devices by installing the Company Portal and signing in to Intune. Set up enrollment restrictions and work profiles to separate personal and work data.

Learn to view and customize device inventories in Intune, add or remove columns, apply filters by ownership and OS, and export reports to CSV for external analysis.

Learn to monitor device health and compliance using Intune, tracking device actions, audit logs, and log analytics to detect security risks and policy gaps.

Explore the next steps in monitoring device health with Windows Health attestation, configuring Intune device compliance (BitLocker, secure boot, code integrity), and tracking threat agent status and Defender updates.

Learn to deploy Microsoft Store apps with Intune by adding Microsoft Store apps, configuring details, obtaining the store URL, and assigning to groups for company portal delivery.

Learn to deploy Google Play Store apps to Android devices via Microsoft Intune and Managed Google Play. Create approvals, sync catalogs, and assign apps to groups within the work profile.

Learn to deploy Apple App Store apps with Intune by configuring Apple enrollment and MDM push certificates, selecting and assigning iOS store apps to groups, and testing in the portal.

Explore how to create and manage a private Microsoft Store for Business, synchronize it with Intune, and deploy store apps to groups via a private store and assignments.

Deploy Office 365 Pro Plus with Microsoft Intune, using configuration designer or XML data, meeting Windows 10 Creator Update, Pro Plus licenses, MSI removal, and group-based deployment.

Learn to deploy Office 365 Pro Plus to macOS via Microsoft Intune, selecting the macOS suite, and assigning the full Word, Excel, PowerPoint, Outlook, and OneNote apps with auto-update.

Learn to sideload universal Windows platform apps by enabling sideloading, signing with trusted certificates, and deploying via GUI, group policy, or PowerShell, including handling dependencies and provisioning for images.

enable kiosk mode (assigned access) in Windows 10 Enterprise or Education to lock a device to a single app or multiple apps, configured via Settings or Intune.

Explore how to configure IE enterprise mode to automate browser compatibility, using a centralized XML site list, group policy deployment, and Edge compatibility to ensure older sites render correctly.

Assess readiness for an Office 365 upgrade with the Office readiness toolkit, analyzing VBA and add-ins in your most recently used documents to generate actionable readiness reports.

Learn to implement and manage mobile application management policies with Microsoft Intune across iOS, Android, and Windows, protecting corporate data on BYOD and managed devices, preventing data leakage.

Explore configuring Windows information protection for Windows 10 devices using mobile application management with Intune, including policy creation, protected apps, and corporate data controls.

Configure Azure information protection to classify and protect data with labeling and rights management. Apply labels to emails and documents, enforcing permissions across devices and the cloud.

Configure Azure information protection by creating labels with protection options like header, footer, and watermark, assign them via policies, and enable unified labeling for cross-platform use.

Configure azure information protection by deploying the azure information protection client, applying labels and policies in Office apps, and enforcing do not forward and read-only permissions to protect data.