MD-102 : Microsoft 365 Endpoint Administrator

In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.

AUDIENCE PROFILE

The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.

Job role: Administrator

Preparation for exam: MD-102

PREREQUISITES

The Modern Desktop Administrator must be familiar with M365 workloads and must have strong skills and experience of deploying, configuring, and maintaining Windows 11 and later, and non-Windows devices.

Module 1: Prepare for a Windows client deployment

Lessons

  • Select a deployment tool based on requirements
  • Choose between migrate and rebuild
  • Choose an imaging and/or provisioning strategy
  • Select a Windows edition based on requirements
  • Implement subscription-based activation

Module 2: Plan and implement a Windows client deployment by using Windows Autopilot

Lessons

  • Configure device registration for Autopilot
  • Create, validate, and assign deployment profiles
  • Set up the Enrollment Status Page (ESP)
  • Deploy Windows devices by using Autopilot
  • Troubleshoot an Autopilot deployment

Module 3: Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)

Lessons

  • Plan and implement an MDT deployment infrastructure
  • Create, manage, and deploy images
  • Monitor and troubleshoot a deployment
  • Plan and configure user state migration

Module 4: Configure remote management

Lessons

  • Configure Remote Help in Intune
  • Configure Remote Desktop on a Windows client
  • Configure the Windows Admin Center
  • Configure PowerShell remoting and Windows Remote Management (WinRM)

Module 5: Manage identity

Lessons

  • Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
  • Manage role-based access control (RBAC) for Intune
  • Register devices in and join devices to Azure AD
  • Implement the Intune Connector for Active Directory
  • Manage the membership of local groups on Windows devices
  • Implement and manage Local Administrative Passwords Solution (LAPS) for Azure AD

Module 6: Implement compliance policies for all supported device platforms by using Intune

Lessons

  • Specify compliance policies to meet requirements
  • Implement compliance policies
  • Implement Conditional Access policies that require a compliance status
  • Manage notifications for compliance policies
  • Monitor device compliance
  • Troubleshoot compliance policies

Module 7: Manage the device lifecycle in Intune

Lessons

  • Configure enrollment settings
  • Configure automatic and bulk enrollment, including Windows, Apple, and Android
  • Configure policy sets
  • Restart, retire, or wipe devices

Module 8: Manage device configuration for all supported device platforms by using Intune

Lessons

  • Specify configuration profiles to meet requirements
  • Implement configuration profiles
  • Monitor and troubleshoot configuration profiles
  • Configure and implement Windows kiosk mode
  • Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile
  • Plan and implement Microsoft Tunnel for Intune

Module 9: Monitor devices

Lessons

  • Monitor devices by using Intune
  • Monitor devices by using Azure Monitor
  • Analyze and respond to issues identified in Endpoint analytics and Adoption Score

Module 10: Manage device updates for all supported device platforms by using Intune

Lessons

  • Plan for device updates
  • Create and manage update policies by using Intune
  • Manage Android updates by using configuration profiles
  • Monitor updates
  • Troubleshoot updates in Intune
  • Configure Windows client delivery optimization by using Intune
  • Create and manage update rings by using Intune

Module 11: Implement endpoint protection for all supported device platforms

Lessons

  • Implement and manage security baselines in Intune
  • Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
  • Onboard devices to Defender for Endpoint
  • Implement automated response capabilities in Defender for Endpoint
  • Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard

Module 12: Deploy and update apps for all supported device platforms

Lessons

  • Deploy apps by using Intune
  • Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)
  • Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
  • Deploy Microsoft 365 Apps by using Intune
  • Configure policies for Office apps by using Group Policy or Intune
  • Deploy apps to platform-specific app stores by using Intune

Module 13: Plan and implement app protection and app configuration policies

Lessons

  • Plan and implement app protection policies for iOS and Android
  • Manage app protection policies
  • Implement Conditional Access policies for app protection policies
  • Plan and implement app configuration policies for managed apps and managed devices
  • Manage app configuration policies