Microsoft 365 Endpoint Administrator

Целевая аудитория

Администраторы конечных станций Microsoft 365, отвечающие за развертывание, настройку, защиту, управление и мониторинг устройств и клиентских приложений в корпоративной среде. В их обязанности входит управление идентификацией, доступом, политиками, обновлениями и приложениями.

Совместно с администраторами M365 Enterprise они разрабатывают и реализуют стратегию устройств, соответствующую требованиям современной организации. Их роль делает упор на облачные службы, а не локальные технологии управления.

Предварительные требования

Администратор современного рабочего стола должен быть знаком с рабочими нагрузками M365 и иметь хорошие навыки и опыт развертывания, настройки и обслуживания Windows 11 и более поздних версий, а также устройств, отличных от Windows.

Программа курса

Explore the Enterprise Desktop

• Describe the benefits of Modern Management
• Explain the enterprise desktop life-cycle model
• Describe considerations for planning hardware strategies
• Describe considerations for post-deployment and retirement

Explore Windows Editions

• Explain the differences between the different editions of Windows
• Select the most suitable Windows device for your needs
• Describe the minimum recommended hardware requirements for installing Windows 11

Understand Azure Active Directory

• Describe Azure AD
• Compare Azure AD to Active Directory Domain Services (AD DS)
• Describe how Azure AD is used as a directory for cloud apps
• Describe Azure AD Premium P1 and P2
• Describe Azure AD Domain Services

Manage Azure Active Directory identities

• Describe RBAC and user roles in Azure AD
• Create and manage users in Azure AD
• Create and manage groups in Azure AD
• Use Windows PowerShell cmdlets to manage Azure AD
• Describe how you can synchronize objects from AD DS to Azure AD

Manage device authentication

• Describe Azure AD join
• Describe Azure AD join prerequisites, limitations and benefits
• Join device to Azure AD
• Manage devices joined to Azure AD

Enroll devices using Microsoft Configuration Manager

• Describe Microsoft Endpoint Manager
• Understand the advantages of managing a client with Configuration Manager
• Deploy the Configuration Manager client
• Monitor the Configuration Manager client
• Manage Configuration Manager devices

Enroll devices using Microsoft Intune

• Prepare Microsoft Intune for device enrollment
• Configure Microsoft Intune for automatic enrollment
• Explain how to enroll Windows, Android and iOS devices in Intune
• Explain when and how to use Intune Enrollment Manager
• Understand how to monitor and perform remote actions on enrolled devices

Execute device profiles

• Describe the various types of device profiles in Intune
• Explain the difference between built-in and custom profiles
• Create and manage profiles

Oversee device profiles

• Monitor the assignments of profiles
• Understand how profiles are synchronized and how to manually force synchronization
• Use PowerShell to execute and monitor scripts on devices

Maintain user profiles

• Explain the various user profile types that exist in Windows
• Describe how a user profile works
• Configure user profiles to conserve space
• Explain how to deploy and configure Folder Redirection
• Explain Enterprise State Roaming
• Configure Enterprise State Roaming for Azure AD devices

Execute mobile application management

• Explain Mobile Application Management
• Understand application considerations in MAM
• Explain how to use Configuration Manager for MAM
• Use Intune for MAM
• Implement and manage MAM policies

Deploy and update applications

• Explain how to deploy applications using Intune and Configuration Manager
• Learn how to deploy applications using Group Policy
• Understand Microsoft Store Apps
• Learn how to deploy apps using Microsoft Store Apps
• Learn how to configure Microsoft Store Apps

Administer endpoint applications

• Explain how to manage apps in Intune
• Understand how to manage apps on non-enrolled devices
• Understand how to deploy Microsoft 365 Apps using Intune
• Learn how to configure and manage IE mode in Microsoft Edge
• Learn about app inventory options in Intune

Protect identities in Active Directory Domain Services

• Describe Windows Hello for Business
• Describe Windows Hello deployment and management
• Describe Azure AD Identity Protection
• Describe and manage self-service password reset in Azure AD
• Describe and manage multi-factor authentication

Enable organizational access

• Describe how you can access corporate resources
• Describe VPN types and configuration
• Describe Always On VPN
• Describe how to configure Always On VPN

Implement device compliance

• Describe device compliance policy
• Deploy a device compliance policy
• Describe conditional access
• Create conditional access policies

Generate inventory and compliance reports

• Generate inventory reports and Compliance reports using Microsoft Intune
• Report and monitor device compliance
• Create custom reports using the Intune Data Warehouse
• Use the Microsoft Graph API for building custom reports

Deploy device data protection

• Describe Windows Information Protection
• Plan for Windows Information Protection usage
• Implement and use Windows Information Protection
• Describe the Encrypting File System (EFS)
• Describe BitLocker

Manage Microsoft Defender for Endpoint

• Describe Microsoft Defender for Endpoint
• Describe key capabilities of Microsoft Defender for Endpoint
• Describe Microsoft Defender Application Guard
• Describe Microsoft Defender Exploit Guard
• Describe Windows Defender System Guard

Manage Microsoft Defender in Windows client

• Describe Windows Security capabilities
• Describe Windows Defender Credential Guard
• Manage Microsoft Defender Antivirus
• Manage Windows Defender Firewall
• Manage Windows Defender Firewall with Advanced Security

Manage Microsoft Defender for Cloud Apps

• Describe Microsoft Defender for Cloud Apps
• Plan for Microsoft Defender for Cloud Apps usage
• Implement and use Microsoft Defender for Cloud Apps

Assess deployment readiness

• Describe the guidelines for an effective enterprise desktop deployment
• Explain how to assess the current environment
• Describe the tools that you can use to assess your current environment
• Describe the methods of identifying and mitigating application compatibility issues
• Explain considerations for planning a phased rollout

Deploy using the Microsoft Deployment Toolkit

• Describe the fundamentals of using images in traditional deployment methods
• Describe the key benefits, limitations, and decisions when planning a deployment of - Windows using the Microsoft Deployment Toolkit (MDT)
• Describe how Configuration Manager builds upon MDT and how both can work in harmony
• Explain the different options and considerations when choosing the user interaction experience during deployment and which methods and tools support these experiences

Deploy using Microsoft Configuration Manager

• Describe the capabilities of Configuration Manager
• Describe the key components of Configuration Manager
• Describe how to troubleshoot Configuration Manager deployments

Deploy Devices using Windows Autopilot

• Explain the benefits of modern deployment for new devices
• Describe the process of preparing for an Autopilot deployment
• Describe the process of registering devices in Autopilot
• Describe the different methods and scenarios of Autopilot deployments
• Describe how to troubleshoot common Autopilot issues
• Describe the process of deployment using traditional methods

Implement dynamic deployment methods

• Describe how Subscription Activation works
• Describe the benefits of Provisioning Packages
• Explain how Windows Configuration Designer creates Provisioning Packages
• Describe the benefits of using MDM enrollment with Azure AD join

Plan a transition to modern endpoint management

• Identify usage scenarios for Azure AD join
• Identify workloads that you can transition to Intune
• Identify prerequisites for co-management
• Identify considerations for transitioning to modern management
• Plan a transition to modern management using existing technologies
• Plan a transition to modern management using Microsoft Intune

Manage Windows 365

• Describe the key features of Windows 365
• Describe the Windows 365 management experience
• Describe the Windows 365 security model
• Describe the Windows 365 deployment options
• Describe the Windows 365 licensing model

Manage Azure virtual desktop

• Describe the key features of Azure Virtual Desktop
• Describe the Azure Virtual Desktop management experience
• Describe the Azure Virtual Desktop security model
• Describe the Azure Virtual Desktop deployment options

Документы об окончании курса

• Сертификат Microsoft об окончании авторизованного курса
• Cертификат Учебного центра Noventiq
• Cертификат об обучении установленного образца