Microsoft 365 from Basic to Advanced

Microsoft Intune and Active Directory GPOs (Group Policy Objects) have similar device management goals, but they work in different ways. Intune does not "replace" GPOs, but it has evolved to meet modern cloud-based environments.

The cleaning of obsolete devices in Microsoft Intune is essential to maintain an efficient and secure management environment, removing devices that are no longer used or that are not in compliance.

In Microsoft Intune, applications can be classified into different categories to facilitate management and distribution.

Policy sets in Microsoft Intune allow you to create a package of references for existing management entities that need to be identified, targeted, and monitored as a single conceptual unit. These sets are assignable collections of apps, policies, and other management objects that you have created. They allow you to select many different objects at once and assign them in a single place. As your organization changes, you can revisit a policy set to add or remove its objects and assignments.

A política de quiosque no Microsoft Intune permite que dispositivos Windows sejam configurados para executar apenas um aplicativo específico, bloqueando o acesso a outras funcionalidades do sistema. Para configurar um quiosque, você pode criar um perfil de configuração no Intune, onde pode definir opções como o modo de quiosque de aplicativo único ou de várias aplicações. Além disso, é importante garantir que os dispositivos estejam em conformidade com as políticas de segurança e que os aplicativos que os usuários acessarão estejam listados e permitidos.

Attack surfaces are all the places where your organization is vulnerable to cyber threats and attacks. Defender for Endpoint includes several features to help reduce attack surfaces.

In Microsoft Intune, you can use the property catalog to collect and view the hardware properties of your managed Windows devices. When you create the policy, you can select specific properties to collect, such as BIOS version, disk information, memory details, and network adapter settings.

Delivery Optimization in Intune allows Windows devices to download updates and apps from alternative sources, such as other peers on the network, in addition to traditional Internet-based servers. This helps reduce the bandwidth and time required to get updates for Windows 10 and 11. To set up this solution, users can use Group Policy or an MDM solution like Intune. The setup process can be easier with Intune, which allows using delivery optimization settings for Windows devices.

App protection policies can apply to apps running on devices that may or may not be managed by Intune.

The options available in application protection policies allow organizations to tailor protection to their specific needs. For some, it may not be obvious which policy settings are needed to implement a complete scenario. To help organizations prioritize mobile client endpoint protection, Microsoft introduced the taxonomy for the data protection architecture of application protection policies for iOS and Android.

The association of local groups in Microsoft Intune allows administrators to manage local user groups centrally, automating the addition or removal of accounts and acting as an advanced security feature. To create a local user group association policy, administrators must access the Intune portal, select the Account Protection option, and create a new Policy. Then, they must define which Windows local groups they want to manage and how Intune should handle these groups. This functionality is especially useful for maintaining a security standard on Windows devices managed by Intune.

The Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password for a local administrator account on your Microsoft Entra or Windows Server Active Directory joined devices. You can also use Windows LAPS to manage and automatically back up your Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it.

Remediation packages are script packages that can detect and fix common support issues on a user's device before they even realize a problem exists. Remediation packages can help reduce support calls and support requests. You can create your own script package or implement a built-in script package.

Microsoft Intune is a powerful tool for mobile device management (MDM) and mobile application management (MAM), enabling companies to secure and manage devices, data, and applications across a wide range of platforms. However, while configuring Intune, some common errors may arise, impacting the effectiveness of the solution and the security of your devices.

With Intune, you can deploy updates to Windows devices through policies for feature updates and driver updates. Intune offers built-in reporting to help you understand compatibility risks that may affect devices during or after an update. The reports include the Windows Feature Update Device Readiness Report and the Windows Feature Update Compatibility Risk Report, which provides an overview of the top compatibility risks in your organization. To use these reports, you must ensure that devices are configured correctly for data collection and that users have the necessary licenses.

Microsoft Defender offers several security policies to protect devices, emails, and corporate data against cyber threats.

Shared mailboxes in Microsoft 365 are used to allow multiple people to access and manage emails at a single address, such as support@company.com or sales@company.com.

Blocking Microsoft Teams in Microsoft 365 can be done in several ways, depending on the level of restriction desired.

Dynamic groups in Microsoft 365 are a feature of Microsoft Entra ID (formerly Azure AD) that allows the automatic creation of groups based on user rules and attributes.

Microsoft Entra records all sign-ins in a Microsoft Entra tenant, which includes your internal applications and resources. As an IT administrator, you need to know what the input log details mean so that you can interpret the log values ​​correctly.

Examining credential errors and patterns provides valuable information about how users access applications and services. Inbound logs provided by Microsoft Entra ID are an advanced type of activity log that can be analyzed.

Multifactor authentication (also known as MFA, two-factor authentication, or 2FA) requires a second method of verification for user logins and improves account security.

Enrolling in Microsoft Intune in Microsoft 365 allows devices to be managed remotely across your organization, ensuring security and compliance. This process is essential for companies that need to control access to corporate applications and data.

Microsoft recommends that organizations block authentication requests that use legacy protocols that do not support multi-factor authentication. Based on Microsoft's analysis, more than 97% of credential stuffing attacks use legacy authentication, and more than 99% of password spray attacks use legacy authentication protocols. These attacks would stop with basic authentication disabled or blocked.

The storage space in SharePoint on Microsoft 365 depends on the subscribed plan and the amount of data stored by users and teams.

The file synchronization between SharePoint and OneDrive in Microsoft 365 allows users to access and edit documents stored in the cloud directly on their devices. This facilitates collaboration and ensures that the latest versions of the files are always available.